DESCRIPTION



DEVICE AUTHENTICATION INFORMATION INSTALLATION SYSTEM 



Technical Field 

The present invention relates to apparatus such as 
a terminal. More particularly, the present invention 
relates to a technique for safely handling apparatus 
authentication information in an apparatus by encrypting 
the information, storing the encrypted information in the 
apparatus and decrypting the encrypted information in the 
apparatus.

Background Art 

In recent years, CE (Consumer Electronics) 
apparatus have been becoming popular and getting widely 
used. Examples of the CE apparatus are audio-visual 
apparatus such as a video deck, a stereo set and a 
television, household electronic appliances such as a
rice cooker and a refrigerator and other electronic
apparatus each including an embedded computer for
deriving benefit from a service rendered through a
network.

Services provided by servers include a service 
requiring that a CE apparatus be authenticated. For this 
reason, the CE apparatus includes apparatus 
authentication information embedded in advance at the 
factory as information used for authenticating the
apparatus.

FIG. 18 is an explanatory diagram referred to in 
description of the conventional method to include 
apparatus authentication information in an apparatus. 
Apparatus authentication information to be included in CE 
apparatus is managed by a management server 107 of a 
management center 103. 

The management server 107 transmits apparatus 
authentication information to a factory 105 serving as a 
factory manufacturing CE apparatus. 

Since the apparatus authentication information is 
secret information that must be handled with strict 
confidence, the apparatus authentication information is 
transmitted to the factory 105 by making efforts to 
prevent the information from being leaked out to others.

At the factory 105, a connection means 110 is
linked to a connector of a CE apparatus 109. The 
connection means 110 is a unit for receiving apparatus 
authentication information from the management server 107 
and supplying the information to the CE apparatus 109. 

The connection means 110 has an embedded function 
to decrypt encrypted apparatus authentication information.
Thus, the connection means 110 is capable of decrypting 
encrypted apparatus authentication information received 
from the management server 107. 

The connection means 110 then supplies the 
decrypted apparatus authentication information to the CE 
apparatus 109 to be stored in a storage unit employed in 
the CE apparatus 109.

As an invention for including apparatus 
authentication information in a CE apparatus as described 
above, there have been discovered an electronic-apparatus 
manufacture system and an electronic-apparatus-manufacturing
method, which are disclosed in Japanese
Patent Laid-Open No. 2001-134654. 

In accordance with this invention, on the basis of 
a product serial number written on a barcode label seal 
pasted on a CE apparatus, apparatus authentication 
information of the apparatus is read out from a database
and included in the apparatus.

By the way, with the conventional method, the 
connection means 110 decrypts apparatus authentication 
information. It is thus quite within the bounds of 
possibility that the apparatus authentication information 
is leaked out from the connection means 110. 

In recent years particularly, there are many cases 
in which low-cost overseas producers are entrusted with
manufacturing of products. It is thus necessary to 
provide a mechanism for including apparatus 
authentication information transmitted to the factory 105 
in a CE apparatus 109 with a high degree of reliability 
without leaking out the apparatus authentication 
information to others. 

It is desired to provide a terminal or the like 
capable of including apparatus authentication information 
in an apparatus with a high degree of safety. 

It is desired to confirm that apparatus 
authentication information has been included in an 
apparatus properly in a state of handling the information 
with strict confidence. 

Disclosure of Invention 

In order to achieve the above objects of the
present invention, in accordance with configuration 1 of
the present invention, there is provided an apparatus 
authentication information inclusion system, which 
includes a providing server and a terminal and is used 
for including apparatus authentication information in the 
terminal as information used by an apparatus 
authentication server to authenticate the terminal. The 
apparatus authentication information inclusion system is 
characterized in that: 

the providing server provides source information 
used as a source for generating apparatus authentication 
information to the terminal and provides the apparatus 
authentication information or the source information to 
the apparatus authentication server for authenticating 
the terminal; and 

the terminal stores information as information 
necessary for transmitting the apparatus authentication 
information by using the received source information and, 
at a terminal authentication time, transmits the 
apparatus authentication information generated from the 
source information by using the stored information to the 
apparatus authentication server. 

In accordance with configuration 2, in the 
apparatus authentication information inclusion system
according to configuration 1,

the providing server provides the terminal with a 
conversion value obtained as a result of a conversion 
process carried out by using a predetermined directional-function
on apparatus authentication information
generated from the source information; 

the terminal generates a conversion value by
execution of a conversion process using the predetermined
directional-function on apparatus authentication
information generated from the received source 
information; and 

the terminal compares the generated conversion 
value with the conversion value received from the 
providing server to produce a result of determination as 
to whether the generated conversion value is equal to the
received conversion value. 

In accordance with configuration 3, in the 
apparatus authentication information inclusion system 
according to configuration 1, 

the terminal provides the providing server with a 
conversion value obtained as a result of a conversion 
process carried out by using a predetermined directional-function
on apparatus authentication information
generated from the source information,

the providing server generates a conversion value
by execution of a conversion process using the
predetermined directional-function on apparatus
authentication information generated from the received 
source information, and 

the providing server compares the generated 
conversion value with the conversion value received from 
the terminal to produce a result of determination as to 
whether or not the generated conversion value is equal to 
the received conversion value. 

In order to achieve the above objects of the 
present invention, in accordance with configuration 4 of 
the present invention, there is provided a terminal 
characterized in that the terminal includes: 

source-information acquisition means for acquiring
source information provided by a providing server as a 
source used for generating apparatus authentication 
information; 

generation means for generating apparatus 
authentication information from the acquired source 
information; and 

apparatus authentication information transmission 
means for transmitting the generated apparatus 
authentication information to an apparatus authentication
server at an apparatus authentication time.

In accordance with configuration 5, in the terminal 
according to configuration 4, 

the source information is encrypted apparatus 
authentication information obtained as a result of a 
process to encrypt the apparatus authentication 
information, and 

the generation means generates the apparatus 
authentication information by decrypting the encrypted 
apparatus authentication information. 

In accordance with configuration 6, the terminal 
according to configuration 4 further has storage means 
for encrypting apparatus authentication information 
generated by the generation means and storing a result of 
encrypting the apparatus authentication information, 
wherein the apparatus authentication information 
transmission means decrypts apparatus authentication 
information stored in the storage means and transmits a 
result of decrypting the apparatus authentication 
information. 

In accordance with configuration 7, the terminal 
according to configuration 6 further has key generation 
means, which is used for generating an encryption key for 
processes to encrypt apparatus authentication information
to be stored into the storage means and decrypt apparatus
authentication information stored in the storage means by 
using information peculiar to the terminal when it is 
desired to utilize the encryption key. 

In accordance with configuration 8, the terminal
according to configuration 7 further has key deletion 
means for deleting the generated encryption key within a 
predetermined period right after use of the encryption 
key. 

In accordance with configuration 9, the terminal 
according to configuration 4 further has: 

conversion-value acquisition means for acquiring a 
conversion value obtained as a result of a conversion 
process carried out by using a predetermined one- 
directional function on the apparatus authentication 
information from the providing server; 

conversion-value computation means for computing a 
conversion value by execution of a conversion process 
using the predetermined one-directional function on the 
generated apparatus authentication information; and 

determination means for producing a result of 
determination as to whether or not the acquired 
conversion value is equal to the computed conversion 
value.

In accordance with configuration 10, the terminal
according to configuration 9 further has: 

conversion-value computation means for computing a 
conversion value by execution of a conversion process 
using another one-directional function on the generated 
apparatus authentication information; and 

conversion-value-providing means for providing the 
computed conversion value to the providing server. 

In accordance with configuration 11, the terminal 
according to configuration 4 further has: 

conversion-value computation means for computing a 
conversion value by execution of a conversion process 
using a predetermined one-directional function on the 
generated apparatus authentication information; and 

conversion-value-providing means for providing the
computed conversion value to the providing server. 

In accordance with configuration 12, the terminal 
according to configuration 4 further has storage means 
for storing the acquired source information, wherein the 
apparatus authentication information transmission means 
generates apparatus authentication information from the 
stored source information and transmits the apparatus 
authentication information to the apparatus 
authentication server.

In order to achieve the above objects of the
present invention, in accordance with configuration 13 of 
the present invention, there is provided an apparatus 
authentication information processing method adopted in a 
terminal implemented as a computer including source- 
information acquisition means, generation means and 
apparatus authentication information transmission means.
The apparatus authentication information processing 
method is characterized in that the apparatus 
authentication information processing method has:

a source-information acquisition step of driving
the source-information acquisition means to acquire 
source information provided by a providing server as a 
source used for generating apparatus authentication 
information; 

a generation step of driving the generation means 
to generate apparatus authentication information from the 
acquired source information; and 

an apparatus authentication information 
transmission step of driving the apparatus authentication 
information transmission means to transmit the generated 
apparatus authentication information to an apparatus 
authentication server at an apparatus authentication time. 

In accordance with configuration 14, by the
apparatus authentication information processing method
according to claim 13, 

the source information is encrypted apparatus 
authentication information obtained as a result of a 
process to encrypt the apparatus authentication 
information; and

at the generation step, the apparatus 
authentication information is generated by decrypting the 
encrypted apparatus authentication information.

In accordance with configuration 15, the apparatus 
authentication information processing method according to 
claim 13 further has a storage step of encrypting 
apparatus authentication information generated by the
generation means and storing a result of encrypting the 
apparatus authentication information into storage means 
also employed in the computer whereby, at the apparatus 
authentication information transmission step, apparatus 
authentication information stored in the storage means is 
decrypted and transmitted. 

In accordance with configuration 16, the computer 
adopting the apparatus authentication information 
processing method according to claim 15 further has key 
generation means, and the apparatus authentication 
information processing method further has a key
generation step of driving the key generation means to
generate an encryption key prior to use of the encryption 
key in processes to encrypt apparatus authentication 
information to be stored into the storage means and 
decrypt apparatus authentication information stored in 
the storage means by using information peculiar to the 
terminal. 

In accordance with configuration 17, the computer 
adopting the apparatus authentication information 
processing method according to claim 16 further has key 
generation means, and the apparatus authentication 
information processing method further has a key deletion 
step of driving the key deletion means to delete the 
generated encryption key within a predetermined period 
right after use of the encryption key. 

In accordance with configuration 18, the computer
adopting the apparatus authentication information 
processing method according to claim 13 further has 
conversion-value acquisition means, conversion-value
computation means and determination means, and the
apparatus authentication information processing method 
further includes: 

a conversion-value acquisition step of driving the
conversion-value acquisition means to acquire a
conversion value obtained as a result of a conversion
process carried out by using a predetermined one- 
directional function on the apparatus authentication 
information from the providing server; 

a conversion-value computation step of driving the 
conversion-value computation means to compute a 
conversion value by execution of a conversion process 
using the predetermined one-directional function on the 
generated apparatus authentication information; and

a determination step of driving the determination 
means to produce a result of determination as to whether 
or not the acquired conversion value is equal to the 
computed conversion value. 

In accordance with configuration 19, the computer 
adopting the apparatus authentication information 
processing method according to claim 18 further has 
conversion-value computation means and conversion-value-
providing means, and the apparatus authentication
information processing method further includes:

a conversion-value computation step of driving the 
conversion-value computation means to compute a 
conversion value by execution of a conversion process 
using another one-directional function on the generated 
apparatus authentication information; and

a conversion-value-providing step of driving the
conversion-value-providing means to provide the computed
conversion value to the providing server. 

In accordance with configuration 20, the computer 
adopting the apparatus authentication information 
processing method according to claim 13 further has 
conversion-value computation means and conversion-value-
providing means, and the apparatus authentication
information processing method further includes: 

a conversion-value computation step of driving the 
conversion-value computation means to compute a
conversion value by execution of a conversion process 
using a predetermined one-directional function on the 
generated apparatus authentication information; and 

a conversion-value-providing step of driving the
conversion-value-providing means to provide the computed
conversion value to the providing server. 

In accordance with configuration 21, the computer 
adopting the apparatus authentication information 
processing method according to claim 13 further has 
storage means for storing the acquired source information 
and, at the apparatus authentication information 
transmission step, apparatus authentication information 
is generated from the stored source information and
transmitted to the apparatus authentication server.

In order to achieve the above objects of the 
present invention, in accordance with configuration 22 of 
the present invention, there is provided an apparatus 
authentication information processing program to be 
executed by a computer. The apparatus authentication 
information processing program is characterized in that 
the apparatus authentication information processing 
program includes: 

a source-information acquisition function of
acquiring source information provided by a providing 
server as a source used for generating apparatus 
authentication information; 

a generation function of generating apparatus 
authentication information from the acquired source 
information; and 

an apparatus authentication information 
transmission function of transmitting the generated 
apparatus authentication information to an apparatus 
authentication server at an apparatus authentication time.

In accordance with configuration 23, in an 
apparatus authentication information processing program 
according to claim 22, the source information is 
encrypted apparatus authentication information obtained
as a result of a process to encrypt the apparatus
authentication information, and the generation function 
generates the apparatus authentication information by 
decrypting the encrypted apparatus authentication 
information. 

In accordance with configuration 24, the apparatus 
authentication information processing program according 
to claim 22 further has a storage function of encrypting 
apparatus authentication information generated by the 
generation function and storing a result of encrypting 
the apparatus authentication information, wherein the 
apparatus authentication information transmission 
function decrypts apparatus authentication information 
stored by the storage function and transmits a result of 
decrypting the apparatus authentication information. 

In accordance with configuration 25, the apparatus 
authentication information processing program according 
to claim 24 further has a key generation function, which 
is to be executed by the computer to generate an 
encryption key for processes to encrypt apparatus 
authentication information to be stored by the storage 
function and decrypt apparatus authentication information 
stored by the storage function by using information 
peculiar to a terminal when it is desired to utilize the
encryption key.

In accordance with configuration 26, the apparatus 
authentication information processing program according 
to claim 25 further has a key deletion function to be 
executed by the computer to delete the generated 
encryption key within a predetermined period right after 
use of the encryption key. 

In accordance with configuration 27, the apparatus 
authentication information processing program according 
to claim 22 further has:

a conversion-value acquisition function to be 
executed by the computer to acquire a conversion value 
obtained as a result of a conversion process carried out 
by using a predetermined one-directional function on the 
apparatus authentication information from the providing 
server; 

a conversion-value computation function to be
executed by the computer to compute a conversion value by 
execution of a conversion process using the predetermined 
one-directional function on the generated apparatus 
authentication information; and 

a determination function to be executed by the 
computer to produce a result of determination as to 
whether or not the acquired conversion value is equal to
the computed conversion value.

In accordance with configuration 28, the apparatus 
authentication information processing program according 
to claim 27 further has: 

a conversion-value computation function to be 
executed by the computer to compute a conversion value by 
execution of a conversion process using another one- 
directional function on the generated apparatus 
authentication information; and 

a conversion-value-providing function to be
executed by the computer to provide the computed 
conversion value to the providing server. 

In accordance with configuration 29, the apparatus 
authentication information processing program according 
to claim 22 further has: 

a conversion-value computation function to be 
executed by the computer to compute a conversion value by 
execution of a conversion process using a predetermined 
one-directional function on the generated apparatus 
authentication information; and 

a conversion-value-providing function to be 
executed by the computer to provide the computed 
conversion value to the providing server. 

In accordance with configuration 30, the apparatus
authentication information processing program according
to claim 22 further has a storage function to be executed 
by the computer to store the acquired source information, 
wherein the apparatus authentication information 
transmission function generates apparatus authentication 
information from the stored source information and 
transmits an apparatus authentication information to the 
apparatus authentication server. 

In order to achieve the above objects of the 
present invention, in accordance with configuration 31 of 
the present invention, there is provided a storage medium, 
which can be read by a computer and is used for storing 
an apparatus authentication information processing 
program to be executed by the computer to implement:

a source-information acquisition function of 
acquiring source information provided by a providing 
server as a source used for generating apparatus 
authentication information; 

a generation function of generating apparatus 
authentication information from the acquired source 
information; and 

an apparatus authentication information 
transmission function of transmitting the generated 
apparatus authentication information to an apparatus
authentication server at an apparatus authentication time.

In order to achieve the above objects of the 
present invention, in accordance with configuration 32 of 
the present invention, there is provided a providing 
server characterized in that the providing server 
includes:

source-information-providing means for providing a
terminal with source information used as a source for 
generating apparatus authentication information; 

apparatus authentication information providing 
means for providing the apparatus authentication 
information or the source information to an apparatus 
authentication server for authenticating the terminal; 

conversion-value acquisition means for acquiring a 
conversion value obtained as a result of a conversion 
process carried out by using a predetermined one- 
directional function on apparatus authentication 
information generated on the basis of the source 
information from the terminal; 

conversion-value computation means for computing a 
conversion value by execution of a conversion process 
using the one-directional function on the apparatus 
authentication information; and 

determination means for producing a result of
determination as to whether or not the acquired
conversion value is equal to the computed conversion 
value. 

In accordance with configuration 33, the providing 
server according to claim 32 further has determination- 
result transmission means for transmitting a 
determination result produced by the determination means 
to a main organization for including the source 
information. 

In order to achieve the above objects of the 
present invention, in accordance with configuration 34 of 
the present invention, there is provided an apparatus 
authentication information providing method to be adopted 
in a computer, which includes source-information-
providing means, apparatus authentication information
providing means, conversion-value acquisition means, 
conversion-value computation means and determination 
means. The apparatus authentication information providing 
method is characterized in that the apparatus 
authentication information providing method includes: 

a source-information-providing step of driving the
source-information-providing means to provide a terminal
with source information used as a source for generating 
apparatus authentication information;

an apparatus authentication information providing
step of driving the apparatus authentication information 
providing means to provide the apparatus authentication 
information or the source information to an apparatus 
authentication server for authenticating the terminal; 

a conversion-value acquisition step of driving the
conversion-value acquisition means to acquire a
conversion value obtained as a result of a conversion 
process carried out by using a predetermined one- 
directional function on apparatus authentication 
information generated on the basis of the source 
information from the terminal; 

a conversion-value computation step of driving the
conversion-value computation means to compute a
conversion value by execution of a conversion process 
using the one-directional function on the apparatus 
authentication information; and

a determination step of driving the determination 
means to produce a result of determination as to whether 
or not the acquired conversion value is equal to the 
computed conversion value. 

In accordance with configuration 35, the apparatus 
authentication information providing method according to 
claim 34 further has a determination-result transmission
step of driving determination-result transmission means
additionally employed in the computer as further means 
for transmitting a determination result produced by the 
determination means to a main organization for including 
the source information. 

In order to achieve the above objects of the 
present invention, in accordance with configuration 36 of 
the present invention, there is provided an apparatus 
authentication information providing program to be 
executed by a computer to carry out:

a source-information-providing function of
providing a terminal with source information used as a 
source for generating apparatus authentication 
information; 

an apparatus authentication information providing 
function of providing the apparatus authentication 
information or the source information to an apparatus 
authentication server for authenticating the terminal; 

a conversion-value acquisition function of
acquiring a conversion value obtained as a result of a 
conversion process carried out by using a predetermined 
one-directional function on apparatus authentication 
information generated on the basis of the source 
information from the terminal;

a conversion-value computation function of
computing a conversion value by execution of a conversion 
process using the one-directional function on the 
apparatus authentication information; and 

a determination function of producing a result of 
determination as to whether or not the acquired 
conversion value is equal to the computed conversion 
value.

In accordance with configuration 37, the apparatus
authentication information providing program according to 
claim 36 further has a determination-result transmission 
function to be executed by the computer to transmit a 
determination result produced by the determination 
function to a main organization for including the source
information. 

In order to achieve the above objects of the 
present invention, in accordance with configuration 38 of 
the present invention, there is provided a storage medium 
which can be read by a computer and is used for storing 
an apparatus authentication information processing 
program to be executed by the computer to implement: 

a source-information-providing function of 
providing a terminal with source information used as a 
source for generating apparatus authentication
information;

an apparatus authentication information providing 
function of providing the apparatus authentication 
information or the source information to an apparatus 
authentication server for authenticating the terminal; 

a conversion-value acquisition function of
acquiring a conversion value obtained as a result of a 
conversion process carried out by using a predetermined 
one-directional function on apparatus authentication 
information generated on the basis of the source 
information from the terminal; 

a conversion-value computation function of
computing a conversion value by execution of a conversion
process using the one-directional function on the
apparatus authentication information; and 

a determination function of producing a result of 
determination as to whether or not the acquired 
conversion value is equal to the computed conversion 
value. 

In accordance with the present invention, apparatus 
authentication information can be included in an 
apparatus with a high degree of safety. In addition, it 
is also possible to verify that apparatus authentication 
information has been included properly in an apparatus
with the apparatus authentication information kept in a
confidential state as it is. 
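
The exchange that configurations 5 to 10 (terminal) and 32 and 33 (providing server) describe, as an added Python example that is not part of the patent text: the secret crosses the factory only as ciphertext, each side checks a one-directional conversion value, and the terminal keeps the secret encrypted under a key derived from terminal-peculiar information and overwritten after each use. Assumptions: SHA-256 and SHA3-256 stand in for the two one-directional functions, the cipher is a stand-in built from HMAC-SHA256, and the transport key, FIRMWARE_CONSTANT, unit names and sample secret are constructed.

```python
import hashlib
import hmac
import secrets

FIRMWARE_CONSTANT = b"constructed-firmware-constant"  # assumption, not from the page
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Stand-in cipher (HMAC-SHA256 keystream, encrypt-then-MAC), not a vetted AEAD."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()


def unseal(key, blob):
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if len(blob) < NONCE_LEN + TAG_LEN or not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext rejected")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class ProvidingServer:
    def __init__(self, transport_key, auth_info):
        self._transport_key, self._auth_info = transport_key, auth_info

    def issue(self):
        # Source information plus the first conversion value (SHA-256).
        source_info = seal(self._transport_key, self._auth_info)
        return source_info, hashlib.sha256(self._auth_info).digest()

    def confirm(self, reported):
        # The value coming back uses another one-directional function (SHA3-256).
        return hmac.compare_digest(reported, hashlib.sha3_256(self._auth_info).digest())


class Terminal:
    def __init__(self, transport_key, peculiar_info):
        self._transport_key, self._peculiar_info = transport_key, peculiar_info
        self.stored = None  # only ciphertext is ever kept here

    def _with_storage_key(self, operation, data):
        # Derive on demand, use once, overwrite (best effort in Python).
        key = bytearray(hmac.new(FIRMWARE_CONSTANT, self._peculiar_info, hashlib.sha256).digest())
        try:
            return operation(key, data)
        finally:
            key[:] = bytes(len(key))

    def install(self, source_info, conversion_value):
        auth_info = unseal(self._transport_key, source_info)
        if not hmac.compare_digest(hashlib.sha256(auth_info).digest(), conversion_value):
            raise ValueError("conversion value mismatch")
        self.stored = self._with_storage_key(seal, auth_info)
        return hashlib.sha3_256(auth_info).digest()  # reported to the providing server

    def authentication_message(self):
        if self.stored is None:
            raise ValueError("nothing installed")
        return self._with_storage_key(unseal, self.stored)


def rejected(action):
    try:
        action()
    except ValueError:
        return True
    return False


def run_demo():
    tkey = hashlib.sha256(b"constructed transport key").digest()
    auth = b"id=CE-0001;pass=constructed-sample-secret"  # constructed sample
    server, term = ProvidingServer(tkey, auth), Terminal(tkey, b"unit-A")
    source, h1 = server.issue()
    h2 = term.install(source, h1)
    bad = source[:20] + bytes([source[20] ^ 1]) + source[21:]  # one bit flipped in transit
    clone = Terminal(tkey, b"unit-B")
    clone.stored = term.stored  # stored blob copied to a different unit
    return {
        "server_confirms": server.confirm(h2),
        "round_trip": term.authentication_message() == auth,
        "plaintext_at_rest": auth in term.stored,
        "damaged_source_rejected": rejected(lambda: Terminal(tkey, b"unit-C").install(bad, h1)),
        "wrong_value_rejected": rejected(lambda: Terminal(tkey, b"unit-C").install(source, h2)),
        "clone_rejected": rejected(clone.authentication_message),
    }
```

If the terminal-peculiar information can be read from outside the unit, the storage key is only as secret as whatever else goes into its derivation.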

Brief Description of Drawings 

FIG. 1 is an explanatory diagram showing a first 
embodiment in a simple manner; 

FIG. 2 is a diagram showing a typical configuration 
of a manufacturing/authentication system in the first 
embodiment; 

FIG. 3 is a diagram showing a typical configuration 
of an apparatus authentication section according to the 
first embodiment; 

FIG. 4 shows a flowchart referred to in explanation 
of a work procedure executed at a preparatory stage of 
including apparatus authentication information in the 
first embodiment; 

FIG. 5 shows a flowchart referred to in explanation 
of a procedure for including apparatus authentication 
information into a CE apparatus in the first embodiment; 

FIG. 6 shows a flowchart referred to in explanation 
of a procedure for verifying that apparatus 
authentication information has been included properly 
into a CE apparatus in the first embodiment; 

FIG. 7 shows a flowchart referred to in explanation 
of a procedure adopted by an apparatus authentication 
server as a procedure for authenticating a CE apparatus 
in the first embodiment; 

FIG. 8 is an explanatory diagram showing tables 
stored in apparatus such as an apparatus authentication 
server according to the first embodiment; 

FIG. 9 is a diagram showing a typical hardware 
configuration of a CE apparatus according to the first 
embodiment; 

FIG. 10 is an explanatory diagram showing a second 
embodiment in a simple manner; 

FIG. 11 shows a flowchart referred to in 
explanation of a procedure for including apparatus 
authentication information into a CE apparatus in the 
second embodiment; 

FIG. 12 shows a flowchart referred to in 
explanation of a procedure for verifying that apparatus 
authentication information has been included properly 
into a CE apparatus in the second embodiment; 

FIG. 13 shows a flowchart referred to in 
explanation of a procedure adopted by an apparatus 
authentication server as a procedure for authenticating a 
CE apparatus in the second embodiment; 

FIG. 14 is an explanatory diagram showing tables 
stored in apparatus such as an apparatus authentication 
server according to the second embodiment; 

FIG. 15 shows a flowchart referred to in 
explanation of a procedure for updating an application 
including a key in a third embodiment; 

FIG. 16 is a diagram showing a typical 
configuration of an apparatus authentication section 
according to a fourth embodiment; 

FIG. 17 shows a flowchart referred to in 
explanation of a procedure for verifying that apparatus 
authentication information has been included properly 
into a CE apparatus in the fourth embodiment; and 

FIG. 18 is an explanatory diagram showing the 
conventional method for including authentication 
information. 

Best Mode for Carrying out the Invention 

Preferred embodiments of the present invention are 
explained in detail by referring to the diagrams as 
follows. 

[Outline of the First Embodiment] 

FIG. 1 is an explanatory diagram showing a first 
embodiment in a simple manner. 

A management server 7 for managing apparatus 
authentication information is installed in a management 
center 3 and used for encrypting apparatus authentication 
information prior to transmission of the encrypted 
apparatus authentication information to a factory 5. 

A connection means 10 is linked by a worker of the 
factory to a connector of a CE apparatus 9. The 
connection means 10 supplies apparatus authentication 
information received from the management server 7 in its 
encrypted state as it is to the CE apparatus 9. 

The CE apparatus 9 includes an embedded write 
module for decrypting the encrypted apparatus 
authentication information and storing the result of the 
decryption in a storage unit. 

As described above, the write module decrypts 
encrypted apparatus authentication information received 
from the connection means 10 and stores the result of the 
decryption into the storage unit embedded in the CE 
apparatus 9. 

The connection means 10 is different from the 
connection means 110 used in the conventional system in 
that the connection means 10 does not decrypt apparatus 
authentication information received from the management 
server 7, but supplies the information to the CE 
apparatus 9 right away as it is. 

As described above, in this embodiment, apparatus 
authentication information received from the management 
server 7, also referred to as a providing server, is 
supplied to the CE apparatus 9, also referred to as a 
terminal, in the encrypted state as it is, to be decrypted 
in the CE apparatus 9. Thus, the security of the 
apparatus authentication information in the work to 
include the apparatus authentication information can be 
improved. 

It is to be noted that the above description merely 
explains the basic concept of the embodiment. Thus, a 
variety of changes can be made to what is described above. 

For example, as will be explained in detail in the 
following descriptions of embodiments, decrypted 
apparatus authentication information can be encrypted 
again by using another encryption key and stored in a 
storage unit so as to further improve the security of the 
information. 

In addition, the factory 5 and the management 
center 3 each include a means for verifying that 
apparatus authentication information has been included in 
the CE apparatus 9. 

[Details of the First Embodiment] 

FIG. 2 is a diagram showing a typical configuration 
of a manufacturing/authentication system 1 of CE 
apparatus. The manufacturing/authentication system 1 is a 
system for manufacturing and authenticating the CE 
apparatus 9. The figure shows neither a service server 
for rendering a service to the CE apparatus 9 nor other 
apparatus. 

The manufacturing/authentication system 1 includes 
a business organization 11, a management center 3, a 
factory 5, a CE apparatus 9 and an apparatus 
authentication server 8. 

The business organization 11 is a company for 
manufacturing the CE apparatus 9. The business 
organization 11 is a business enterprise for putting the 
CE apparatus 9 in the market. Activities of putting the 
CE apparatus 9 in the market include planning, 
development and sales of the CE apparatus 9. 

The management center 3 is an organization for 
managing apparatus authentication information to be 
included in the CE apparatus 9. The management center 3 
also manages issuances of apparatus authentication 
information and encryption information for the apparatus 
authentication information. 

The factory 5 is an organization for manufacturing 
the CE apparatus 9 at a request made by the business 
organization 11. In some cases, the business organization 
11 owns the factory 5. In other cases, the factory 5 is 
managed by a third party entrusted by the business 
organization 11 as a factory for manufacturing the CE 
apparatus 9. 

The CE apparatus 9 manufactured at the factory 5 
internally includes apparatus authentication information 
issued by the management center 3. 

The apparatus authentication server 8 is a server 
for receiving apparatus authentication information from 
the management center 3 as well as apparatus 
authentication information from the CE apparatus 9 and 
authenticating the CE apparatus 9. 

A CE apparatus 9 authenticated by the apparatus 
authentication server 8 is allowed to receive a service 
rendered by typically a service server. 

Next, a process to manufacture the CE apparatus 9 
in the manufacturing/authentication system 1 is explained 
by referring to reference numerals shown in the figure. 

(1): First of all, the business organization 11 designs 
the CE apparatus 9 in accordance with a plan. Then, the 
business organization 11 acquires information used for 
creating firmware to be installed in the CE apparatus 9 
from the management center 3. 

This firmware includes a program for including 
apparatus authentication information in the CE apparatus 
9 and a program for driving the CE apparatus 9. The 
firmware is installed in the CE apparatus 9 at the 
factory 5. The business organization 11 also obtains 
information for including apparatus authentication 
information in the CE apparatus 9 from the management 
center 3. 

(2): The business organization 11 requests the factory 5 
to manufacture the CE apparatus 9 and delivers the 
firmware to be installed in the CE apparatus 9 to the 
factory 5 by recording the firmware into a CD-ROM 
(Compact Disc - Read Only Memory) or by transmitting the 
firmware to the factory 5 by way of a network. 

(3): At the factory 5, after the CE apparatus 9 has been 
assembled, the firmware received from the business 
organization 11 is installed in the CE apparatus 9. Then, 
the connection means 10 shown in FIG. 1 is linked to a 
connector of the CE apparatus 9. Subsequently, the 
factory 5 requests the management center 3 to transmit 
apparatus authentication information to the factory 5. 

(4): At the request made by the factory 5, the management 
center 3 transmits apparatus authentication information 
to be installed in the CE apparatus 9 to the factory 5 by 
way of a network. The transmitted apparatus 
authentication information is encrypted information. 

Since the original apparatus authentication 
information can be obtained by decrypting the encrypted 
apparatus authentication information, the encrypted 
apparatus authentication information can be regarded as a 
source for generating the original apparatus 
authentication information. The substance of the 
apparatus authentication information will be described 
later in detail. 

(5): At the factory 5, the apparatus authentication 
information transmitted by the management center 3 is 
supplied to the CE apparatus 9 by way of the connection 
means 10. After the apparatus authentication information 
is decrypted in the CE apparatus 9 by using an encryption 
key included in the firmware installed in the CE 
apparatus 9, the result of the decryption process is 
re-encrypted by using another encryption key included in the 
firmware and stored in a storage medium employed in the 
CE apparatus 9. 

(6): Then, in accordance with a method to be described 
later, the factory 5 and the management center 3 verify 
that the apparatus authentication information has 
correctly been included in the CE apparatus 9. The 
factory 5 can use the result of the verification to 
report a result of manufacturing to the management center 
3. 

(7): At the factory 5, after the process to assemble the 
CE apparatus 9 and the process to include the apparatus 
authentication information in the assembled CE apparatus 
9 are completed, the CE apparatus 9 is shipped. 

(8): The management center 3 provides the apparatus 
authentication information of the CE apparatus 9 to the 
apparatus authentication server 8. 

(9): The apparatus authentication server 8 requests the 
CE apparatus 9 to transmit the apparatus authentication 
information to the CE apparatus 9, and compares the 
apparatus authentication information received from the 
management center 3 with the apparatus authentication 
information received from the CE apparatus 9 in order to 
authenticate the CE apparatus 9. 

FIG. 3 is a diagram showing a typical configuration 
of an apparatus authentication section 99. The apparatus 
authentication section 99 is a functional section, which 
is formed inside the CE apparatus 9 by installing the 
firmware at the factory 5. 

The apparatus authentication section 99 includes an 
authentication module 20, a write module 30, an 
authentication information memory 40 and a main-body 
identification-information memory 50. 

The authentication module 20 is a functional 
section for providing the apparatus authentication server 
8 with a facility for authenticating the CE apparatus 9. 

The authentication module 20 has a public key 21 
and a peculiar-key generator 22 for generating a peculiar 
key 23. The public key 21 and the peculiar key 23 are 
used in transmission of apparatus authentication 
information to the apparatus authentication server 8. 

The peculiar key 23 is a key for encrypting and 
decrypting apparatus authentication information stored in 
the authentication information memory 40. Before the 
peculiar key 23 can be used, the peculiar key 23 must be 
generated in advance dynamically from the peculiar-key 
generator 22 and a MAC address 51. 

The MAC address 51 is information peculiar to the 
CE apparatus 9. In addition, the peculiar key 23 is also 
generated as a key also peculiar to the CE apparatus 9. 

In this embodiment, the peculiar key 23 is 
generated by using the MAC address 51. In actuality, the 
peculiar key 23 can be generated by using any other 
information as long as the other information is peculiar 
to the CE apparatus 9. An example of the other 
information is the address of i.Link (IEEE 1394). 

That is to say, the peculiar key 23 is generated by 
using information peculiar to the CE apparatus 9 as a key 
that is also peculiar to the CE apparatus 9. 

As described above, even if the peculiar-key 
generator 22 included in the manufactured CE apparatus 9 
is universal information, the generated peculiar key 23 
varies from CE apparatus 9 to CE apparatus 9. Thus, the 
peculiar-key generator 22 can be managed with ease. 

The authentication module 20 having the 
configuration described above reads out apparatus 
authentication information from the authentication 
information memory 40 and decrypts the apparatus 
authentication information prior to transmission to the 
apparatus authentication server 8 along with an apparatus 
ID 41. 

After being used, the peculiar key 23 is deleted 
immediately within a predetermined period of time. The 
predetermined period of time can have a variety of 
lengths. For example, the predetermined period of time is 
a period between the start of a process to encrypt the 
apparatus authentication information and the end of a 
process carried out by the apparatus authentication 
section 99 to authenticate the CE apparatus 9. 

As described above, this embodiment has a 
configuration in which the peculiar key 23 is deleted 
after being used. However, it is to be noted that it is 
not always necessary to delete the peculiar key 23. 

The write module 30 is a functional section for 
writing apparatus authentication information into the CE 
apparatus 9 at the factory 5. 

The write module 30 has a pre-write key 31, a 
peculiar-key generator 32, an apparatus-side verification 
hash function 34 and a server-side verification hash 
function 35. 

The pre-write key 31 is a key for decrypting 
encrypted apparatus authentication information received 
from the management center 3. 

The peculiar-key generator 32 is seed (original) 
information for generating the peculiar key 33. The 
peculiar-key generator 32 is the same as the peculiar-key 
generator 22 of the authentication module 20. 

The peculiar key 33 is a key for encrypting 
apparatus authentication information obtained as a result 
of a decryption process carried out by using the 
pre-write key 31. Before using the peculiar key 33, the 
peculiar key 33 must be generated in advance dynamically 
by using the peculiar-key generator 32 and the MAC 
address 51. The peculiar key 33 is the same as the 
peculiar key 23, which is generated in the authentication 
module 20. 

The write module 30 having the configuration 
described above decrypts encrypted apparatus 
authentication information received from the management 
center 3, re-encrypts the result of the decryption by 
using the peculiar key 33 and stores the re-encrypted 
apparatus authentication information in the 
authentication information memory 40. 

In this embodiment, by storing apparatus 
authentication information in a state of being encrypted 
by using the peculiar key 33 in the authentication 
information memory 40, the security of the apparatus 
authentication information can be improved. 

Note that it is also possible to provide a 
configuration in which apparatus authentication 
information is stored in a storage unit without 
encrypting the apparatus authentication information by 
using the peculiar key 33. In this case, since the 
authentication module 20 does not need to decrypt the 
apparatus authentication information in an authentication 
process, it is not necessary to generate the peculiar key 
23. 

The apparatus-side verification hash function 34 is 
a function used by the write module 30 to verify that 
apparatus authentication information has been stored 
properly in the authentication information memory 40. As 
will be described later, the write module 30 verifies 
that apparatus authentication information has been 
included in the CE apparatus 9 by comparison of a hash 
value transmitted from the management center 3 with a 
hash value generated by using the apparatus-side 
verification hash function 34 as the hash value of the 
apparatus authentication information. 

The server-side verification hash function 35 is a 
function for generating a value to be used by the 
management center 3 to verify that apparatus 
authentication information has been stored properly in 
the authentication information memory 40. 

As will be described later, the write module 30 
transmits a hash value, which is generated by the 
server-side verification hash function 35 as the hash value of 
apparatus authentication information stored in the 
authentication information memory 40, to the management 
center 3. 

The management center 3 compares the hash value 
received from the write module 30 with a hash value, 
which is generated by using a server-side verification 
hash value function as the hash value of the issued 
apparatus authentication information, in order to verify 
that apparatus authentication information has been 
included in the CE apparatus 9. 

As is obvious from the above description, the 
embodiment provides two types of hash function, i.e., the 
apparatus-side verification hash function 34 for 
generating a hash value for verification use in the CE 
apparatus 9 and the server-side verification hash 
function 35 for generating a hash value for verification 
use in the management server 7. 

Let us assume for example that the same hash 
functions are used for verification in the CE apparatus 9 
and the management server 7. Also let us assume that a 
third party returns a hash value transmitted by the 
management server 7 to the CE apparatus 9 back to the 
management server 7 as it is. In this case, it will be 
difficult for the management server 7 to determine 
whether the received hash value is a hash value 
transmitted by the CE apparatus 9 or the third party. 

For the reason described above, the two types of 
hash function are used in order to prevent a third party 
from pretending to be the CE apparatus 9. 

By the way, a hash function is a function for 
hashing an electronic text. By hashing an electronic text, 
it is possible to generate a character string peculiar to 
the text from the text. The generated string of 
characters is referred to as the hash value of the 
electronic text or a digest message of the text. 

The same hash values are obtained from the same 
electronic texts. If even only a portion of an electronic 
text is modified, a hash value obtained from the modified 
electronic text will be different from the hash value of 
the original electronic text. 

In addition, it is extremely difficult to obtain 
the original electronic text by carrying out an inverse 
conversion process on the hash value of the text. 

As described above, a hash function is a type of 
function referred to as a one-directional function, which 
allows a conversion process to be carried out in a 
forward direction with ease, but makes it extremely 
difficult to carry out an inverse conversion process of 
the hash function to obtain the original value from the 
hash value obtained as a result of the conversion process 
carried out in the forward direction. 

As described above, both the side verifying secret 
information and the side holding the secret information 
to be verified generate a hash value of the information 
and compare the generated hash value with a hash value 
received from the other side. In this way, both the sides 
are capable of verifying that the two pieces of secret 
information are equal to each other with the confidential 
state of the secret information kept as it is. 

The authentication information memory 40 is a 
storage unit for storing information to be used for 
authenticating the CE apparatus 9. The stored information 
includes the apparatus authentication information 
described above. 

In the case of the embodiment, the stored 
information includes the apparatus ID 41 mentioned above 
and an encryption code 42 including an apparatus ID and a 
pass phrase. 

The apparatus ID 41 is ID information used for 
identifying the CE apparatus 9. The factory 5 obtains the 
apparatus ID 41 from an apparatus-ID management 
organization in advance and stores the apparatus ID 41 in 
the CE apparatus 9. 

An (apparatus ID + pass phrase) 42 including an 
apparatus ID and a pass phrase includes the apparatus ID 
41 and an encrypted pass phrase at the tail of the 
apparatus ID 41. The pass phrase at the tail of the 
apparatus ID 41 has been encrypted by using the peculiar 
key 23 or the peculiar key 33. It is to be noted that the 
order in which the apparatus ID 41 and the pass phrase 
are arranged may be reversed. 

In the following description, notation (information 
A + information B) denotes information composed of 
information A and information B placed at the tail of 
information A. Information obtained as a result of a 
process to encrypt the (information A + information B) is 
referred to as an encrypted (information A + information 
B). 

Let us assume for example that the apparatus ID 41 
is '123' and the pass phrase is 'abc'. In this case, the 
(apparatus ID + pass phrase) 42 including the apparatus 
ID 41 and the pass phrase is 123abc. A result of a 
process to encrypt the (apparatus ID + pass phrase) by 
using the peculiar key 23 or the peculiar key 33 is 
referred to as an encrypted (apparatus ID + pass phrase) 
42. 

The pass phrase is secret information, which is 
issued by the management server 7 to be included in 
apparatus authentication information in a process to 
include the apparatus authentication information in the 
CE apparatus 9 at the factory 5. 

In this embodiment, an (apparatus ID + pass phrase) 
is used as apparatus authentication information. 

By combining a pass phrase with the apparatus ID as 
described above, the amount of the apparatus 
authentication information can be increased. Thus, it is 
difficult for a third party to decrypt the encrypted 
(apparatus ID + pass phrase) 42. As a result, the 
security of the apparatus authentication information can 
be improved. 

In addition, by comparing a decrypted (apparatus ID 
+ pass phrase) with a received apparatus ID in the CE 
apparatus 9, it is also possible to verify that a 
combination of the apparatus ID and the encrypted 
(apparatus ID + pass phrase) is correct. 
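
The write and two-way verification exchange described above, as an added sketch that is not code from the patent. Assumptions: SHA-256 with a role prefix stands in for hash functions 34 and 35, HMAC-SHA-256 over the MAC address stands in for peculiar-key generation, the SHA-256 counter-mode cipher is a placeholder, and all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Every algorithm choice, key size and name here is an assumption of this
# sketch; the page names none of them.

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode) so the sketch needs only the
    standard library. A product would use a vetted authenticated cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    return nonce + _xor_stream(key, nonce, plaintext)

def decrypt(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])

def apparatus_side_hash(info: bytes) -> bytes:
    """Plays the role of hash function 34 (checked inside the apparatus)."""
    return hashlib.sha256(b"apparatus-side\x00" + info).digest()

def server_side_hash(info: bytes) -> bytes:
    """Plays the role of hash function 35 (checked by the management server)."""
    return hashlib.sha256(b"server-side\x00" + info).digest()

def peculiar_key(generator: bytes, mac_address: bytes) -> bytes:
    """Per-apparatus key from the shared generator and the MAC address."""
    return hmac.new(generator, mac_address, hashlib.sha256).digest()

class ManagementServer:
    def __init__(self, pre_write_key: bytes):
        self.pre_write_key = pre_write_key
        self.issued = {}  # apparatus ID -> (apparatus ID + pass phrase)

    def issue(self, apparatus_id: bytes):
        """Return the encrypted (ID + pass phrase) and the first hash value."""
        info = apparatus_id + secrets.token_hex(16).encode()
        self.issued[apparatus_id] = info
        return encrypt(self.pre_write_key, info), apparatus_side_hash(info)

    def confirm(self, apparatus_id: bytes, reported_hash: bytes) -> bool:
        expected = server_side_hash(self.issued[apparatus_id])
        return hmac.compare_digest(expected, reported_hash)

class WriteModule:
    def __init__(self, pre_write_key, generator, mac_address, apparatus_id):
        self.pre_write_key = pre_write_key
        self.generator = generator
        self.mac_address = mac_address
        self.apparatus_id = apparatus_id
        self.memory = None  # stands for authentication information memory 40

    def write(self, encrypted_info: bytes, first_hash: bytes):
        """Store the information; return the second hash, or None on failure."""
        info = decrypt(self.pre_write_key, encrypted_info)
        # Reject a blob that belongs to another apparatus ID or was altered.
        if not info.startswith(self.apparatus_id):
            return None
        if not hmac.compare_digest(apparatus_side_hash(info), first_hash):
            return None
        key = peculiar_key(self.generator, self.mac_address)
        self.memory = encrypt(key, info)
        # Hash what was actually stored, read back through the peculiar key.
        return server_side_hash(decrypt(key, self.memory))

def run_demo():
    pre_write_key = secrets.token_bytes(32)  # constructed sample values
    generator = secrets.token_bytes(32)
    mac = b"\x02\x00\x00\xaa\xbb\xcc"
    apparatus_id = b"123"
    server = ManagementServer(pre_write_key)
    device = WriteModule(pre_write_key, generator, mac, apparatus_id)

    blob, first_hash = server.issue(apparatus_id)
    second_hash = device.write(blob, first_hash)
    genuine = server.confirm(apparatus_id, second_hash)
    # A party that only echoes the server's own first hash is not accepted.
    reflected = server.confirm(apparatus_id, first_hash)
    # A blob modified in transit fails the apparatus-side check.
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    other = WriteModule(pre_write_key, generator, mac, apparatus_id)
    rejected = other.write(tampered, first_hash) is None
    return genuine, reflected, rejected

if __name__ == "__main__":
    print(run_demo())
```

Neither side ever sends the (apparatus ID + pass phrase) in the clear: only the pre-write-key ciphertext and the two hash values cross the factory link.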

The main-body identification-information memory 50 
is a storage unit for storing information used for 
identifying the main body of the CE apparatus 9. 

Examples of the information used for identifying 
the main body of the CE apparatus 9 are a MAC (Media 
Access Control) address 51 and information referred to as 
i.Link. Used for identifying the CE apparatus 9 in the 
network, the MAC address 51 is information peculiar to 
the CE apparatus 9. 

To put it concretely, the MAC address 51 is a 
hardware address unique to the CE apparatus 9. Thus, the 
MAC address 51 remains unchanged even if, for example, 
the CE apparatus 9 moves from a location to another in a 
network. 

Next, the following description explains a 
procedure for including apparatus authentication 
information in the CE apparatus 9 with the configuration 
described above, a procedure for verifying the included 
apparatus authentication information and a procedure for 
authenticating the CE apparatus 9 by using the included 
apparatus authentication information. 

FIG. 4 shows a flowchart referred to in explanation 
of a work procedure executed at a preparatory stage of 
including apparatus authentication information in the CE 
apparatus 9. 

First of all, at the first step 10, the business 
organization 11 sets a product plan of the CE apparatus 9. 
This product-planning work is carried out manually by, for 
example, a person in charge of product planning. 

Then, at the next step 12, a business-organization 
system set in the business organization 11 makes an 
access to the management server 7 to make a request for 
the pre-write key 31 for including apparatus 
authentication information in the write module 30 
employed in the CE apparatus 9. 

The management server 7 has a key table 700 like 
one shown in FIG. 8. From the key table 700, the 
management server 7 issues a pre-write key 31 and a key 
identifier for uniquely identifying the pre-write key 31 
among other pre-write keys. Then, at a step 20, the 
management server 7 transmits the issued pre-write key 31 
and the issued key identifier to the 
business-organization system. 

The business organization 11 can have a 
configuration for requesting the management server 7 to 
transmit a product code used for identifying the type of 
the product and a peculiar-key generator to be described 
later to the business organization 11. 

The management server 7 manages product codes and 
peculiar-key generators as pairs each consisting of one 
of the product codes and a peculiar-key generator 
corresponding to the product code. 

At a step 14, the business-organization system 
creates firmware for receiving the pre-write key 31 and 
the key identifier from the management server 7 and for 
storing the pre-write key 31 in the write module 30. In 
addition, the business-organization system includes the 
peculiar-key generator in the firmware. 

Then, at the next step 16, the 
business-organization system transmits the created firmware, the 
key identifier and a product code used for identifying 
the type of the CE apparatus 9 to a factory system set in 
the factory 5. 

At the factory 5, a plurality of CE apparatus 9 
identified by the product codes is produced. It is to be 
noted, however, that all the produced CE apparatus use 
the same pre-write key 31. For this reason, the created 
firmware and the key identifier can be transmitted to a 
pair factory for producing a plurality of CE apparatus 9 
from the firmware and the key identifier, which form a 
pair. 

The factory system receives these pieces of 
information from the business-organization system. Then, 
the factory 5 starts manufacturing CE apparatus 9 
identified by the received product code. 

At a step 30, the factory system issues a product 
serial number for the CE apparatus 9 manufactured in this 
way, that is, for a product manufactured before inclusion 
of the firmware. 

A product serial number assigned to a CE apparatus 
9 is a number peculiar to the CE apparatus 9. For example, 
a product serial number is a number or a barcode printed 
on a label seal, which is stuck on the CE apparatus 9 so 
that the product serial number can be referred to from a 
position outside the CE apparatus 9. 

In the case of this embodiment, the product serial 
number assigned to a CE apparatus 9 is information used 
for identifying the CE apparatus 9. It is to be noted, 
however, that for example, a product code and a product 
serial number can also be used for identifying a CE 
apparatus 9. 

In this case, the apparatus authentication server 8 
sticks a product code and a product serial number on a CE 
apparatus 9. 

That is to say, any information is applicable as 
long as the information can be used for identifying a CE 
apparatus 9. 

Then, at the next step 32, the factory system 
includes the firmware in the CE apparatus 9. 

The firmware is included in the CE apparatus 9 by 
supplying the firmware to the CE apparatus 9 by way of a 
connector of the CE apparatus 9. 

The business organization 11 may deliver the 
firmware to the factory 5 by storing the firmware in a 
recording medium such as a CD-ROM. Then, at the factory 5, 
the firmware is read out from the recording medium to be 
included in the CE apparatus 9. 

By inclusion of the firmware into the CE apparatus 
9, the apparatus authentication section 99 shown in FIG. 
3 is created inside the CE apparatus 9. 

It is to be noted that, in the process to include 
the firmware into the CE apparatus 9, the factory system 
stores the apparatus ID 41 obtained in advance from an 
apparatus-ID management institution in the authentication 
information memory 40. At this stage, however, the 
(apparatus ID + pass phrase) 42 has not been stored in 
the authentication information memory 40. 

FIG. 5 shows a flowchart representing a procedure 
for including apparatus authentication information into a 
CE apparatus 9, that is, a procedure for storing an 
(apparatus ID + pass phrase) 42 in the authentication 
information memory 40. 

It is to be noted that the process of including 
apparatus authentication information into a CE apparatus 
9 as described below is carried out with the connection 
means 10 connected to the CE apparatus 9. 

The factory system has a key-identifier management 
table 500 like one shown in FIG. 8. The key-identifier 
management table 500 is a table for managing product 
codes representing products with key identifiers obtained 
from the business-organization system by associating the 
product codes with their respective key identifiers. 

At a step 40, the factory system makes an access to 
the management server 7 in order to make a request for 
issuance of a pass phrase. In addition, the factory 
system transmits the apparatus ID 41 obtained earlier and 
a key identifier stored in the key-identifier management 
table 500 as the key identifier of the CE apparatus 9 to 
the management server 7. 

At a step 50, the management server 7 issues a pass 
phrase at the request received from the factory system as 
a request for issuance of the pass phrase. 

It is to be noted that a pass phrase is secret 
information created as a character string including 
characters, numbers and/or symbols. A pass phrase is 
information of the same type as a password. 

A relatively short character string serving as 
secret information is referred to as a password. On the 
other hand, a relatively long character string serving as 
secret information is referred to as a pass phrase. For a
third party, the longer the encrypted string of
characters, the more difficult the string is to decrypt.

Then, the management server 7 obtains a pre-write
key 31 associated with the key identifier, which has been
received from the factory system, from the key table 700
shown in FIG. 8.

Subsequently, at the next step 52, the management 
server 7 generates an (apparatus ID + pass phrase) from 
the apparatus ID 41 received from the factory system and 
the pass phrase generated at the step 50, encrypting the
(apparatus ID + pass phrase) by using the pre-write key
31 obtained earlier to produce an encrypted (apparatus ID 
+ pass phrase) 42. 

The encrypted (apparatus ID + pass phrase) is used 
as apparatus authentication information. 

Much like the CE apparatus 9, the management server 
7 has an apparatus-side verification hash function 34 and
a server-side verification hash function 35. Then, at the
next step 54, the apparatus-side verification hash
function 34 is used for generating the hash value of the 
(apparatus ID + pass phrase) generated earlier. The hash 
value of the (apparatus ID + pass phrase) is referred to 
as a first hash value. 

The first hash value is used in the CE apparatus 9 
in determining whether or not the apparatus 
authentication information has been included properly. 

It is to be noted that the server-side verification 
hash function 35 generates a hash value to be used in the
management server 7 in determining whether or not the
apparatus authentication information has been included
properly in the management server 7.

Then, at the next step 56, the management server 7 
transmits the apparatus ID 41, the encrypted (apparatus 
ID + pass phrase) 42 generated above and the first hash 
value to the factory system. In this case, the management 
server 7 serves as a source-information-providing means.

It is to be noted that the management server 7 also 
has an issued apparatus authentication information table 
702 shown in FIG. 8. When the management server 7 
transmits the apparatus ID 41, the encrypted (apparatus 
ID + pass phrase) 42 and the first hash value to the 
factory system, the management server 7 also updates the 
issued apparatus authentication information table 702. 

Thus, the issued pass phrase can be associated with 
an apparatus ID 41 and a key identifier. 

At a step 42, the factory system receives these 
pieces of information from the management server 7 and 
supplies them to the CE apparatus 9 by way of the 
connection means 10. 

At a step 60, the write module 30 employed in the 
CE apparatus 9 receives these pieces of information. The 
encrypted (apparatus ID + pass phrase) 42 corresponds to
the source information. Thus, in this case, the write
module 30 serves as a source-information acquisition
means.

The first hash value corresponds to a result of a 
conversion process carried out on the apparatus 
authentication information by using a one-directional
function. Thus, the write module 30 has a conversion-value
acquisition means.

Then, at the next step 62, the write module 30 
decrypts the encrypted (apparatus ID + pass phrase) 42 by 
using the pre-write key 31. 

By carrying out the decryption process, the CE 
apparatus 9 is capable of obtaining the apparatus 
authentication information received from the management 
center 3. In this case, the apparatus authentication 
information is the (apparatus ID + pass phrase).

As described above, the write module 30 has
generation means for generating apparatus authentication 
information from source information. 

The CE apparatus 9 may save the decrypted 
(apparatus ID + pass phrase) in a memory as it is. In the 
case of this embodiment, however, the (apparatus ID + 
pass phrase) is re-encrypted before being stored in the 
memory in order to enhance the security of the apparatus
authentication information.

In order to carry out the re-encryption process, 
first of all, the write module 30 generates a peculiar 
key 33 from a MAC address 51 and a peculiar-key generator 
32 at the following step 64. 

This step is executed for the purpose of obtaining 
an encryption key peculiar to the CE apparatus 9. For 
example, this step is executed for the purpose of 
obtaining the peculiar key 33 by using the MAC address 51.
However, the purpose of this step is not limited to this
example. The step can also be executed by using any
information as long as the information is peculiar to the
CE apparatus 9. For example, a product serial number can
be used.

In addition, as will be described later, the 
authentication module 20 is also capable of generating
the same encryption key as the peculiar key 33. Thus, the 
write module 30 and the authentication module 20 both 
have a key generation means. 

Then, at the next step 66, the write module 30 
encrypts the (apparatus ID + pass phrase) by using the 
generated peculiar key 33 to generate an encrypted 
(apparatus ID + pass phrase) 42.

It is to be noted that, since the encryption key
used in the re-encryption process is different from the
encryption key used in the encryption process, the
encrypted (apparatus ID + pass phrase) 42 is different
from the encrypted (apparatus ID + pass phrase) received
from the management server 7.

Then, at the next step 68, the write module 30 
supplies the encrypted (apparatus ID + pass phrase) 42 to 
the authentication information memory 40. Subsequently,
at a step 70, the authentication information memory 40 
stores the encrypted (apparatus ID + pass phrase) 42 
therein. 

It is to be noted that, in the case of a 
configuration in which the apparatus authentication 
section 99 is supposed to delete the peculiar key 33, the 
peculiar key 33 is deleted immediately by key deletion 
means after being used. 

As described above, the encrypted (apparatus ID + 
pass phrase) 42 is peculiar to the CE apparatus 9 and a 
result of an encryption process using the peculiar key 33, 
which is generated dynamically. Thus, the security of the 
encrypted (apparatus ID + pass phrase) 42 can be improved. 

The authentication information memory 40 serves as 
a storage means.

In accordance with the procedure described above,
the apparatus authentication information issued by the
management server 7 can be included in the CE apparatus 9.

In addition, since the apparatus authentication
information is supplied to the CE apparatus 9 in a state
of being encrypted as it is, it is possible to prevent in
advance the apparatus authentication information from
being leaked out at the factory 5. It is thus possible to
improve the security required at the time the apparatus
authentication information is included in the CE
apparatus 9.

On top of that, since the apparatus
authentication information is stored in the CE apparatus
9 in a state of being re-encrypted by using an encryption
key peculiar to the CE apparatus 9, it is possible to
prevent in advance the apparatus authentication
information from being leaked out from the CE apparatus 9
after the CE apparatus 9 is shipped. It is thus possible
to improve the security required after shipping the CE
apparatus 9.

FIG. 6 shows a flowchart referred to in explanation 
of a procedure executed by the management center 3 and 
the factory 5 as a procedure for verifying that apparatus 
authentication information has been included properly 
into the CE apparatus 9.

This procedure is executed with the connection
means 10 already connected to the CE apparatus 9.
Normally, the procedure is executed automatically after
the factory system includes the apparatus authentication
information in the CE apparatus 9.

First of all, at a step 90, the write module 30
employed in the apparatus authentication section 99 reads 
out the encrypted (apparatus ID + pass phrase) 42 from 
the authentication information memory 40. At this step, 
the encrypted (apparatus ID + pass phrase) 42 is 
transferred from the authentication information memory 40 
to the write module 30. 

Then, at a step 100, the write module 30 generates 
a peculiar key 33 from the peculiar-key generator 32 and
the MAC address 51. Subsequently, at the next step 102, 
the write module 30 decrypts the encrypted (apparatus ID 
+ pass phrase) 42 by using the peculiar key 33. 

Then, at the next step 104, the write module 30 
generates the hash value of the decrypted (apparatus ID + 
pass phrase) by using the apparatus-side verification
hash function 34. The hash value of the decrypted
(apparatus ID + pass phrase) is referred to as a first 
hash value. 

Subsequently, at the next step 106, the write
module 30 compares the first hash value received from the
management server 7 with the hash value generated at the 
step 104 to produce a result of determination as to 
whether or not both the hash values are equal to each 
other. 

Thus, the write module 30 has conversion-value
computation means for computing the first hash value and
a determination means.

A determination result indicating that both the 
hash values are equal to each other also proves that the 
(apparatus ID + pass phrase) generated by the management 
server 7 matches the (apparatus ID + pass phrase) stored 
in the authentication information memory 40. 

Then, at the next step 108, the write module 30
generates the hash value of the (apparatus ID + pass
phrase) by using the server-side verification hash 
function 35. The hash value of the (apparatus ID + pass 
phrase) generated by using the server-side verification 
hash function 35 is referred to as a second hash value. 

Subsequently, at the next step 110, the write 
module 30 reads out the apparatus ID 41 from the 
authentication information memory 40, transmitting a 
determination result obtained at the step 106 as the 
result of comparison of both the first hash values, the
apparatus ID 41, and the second hash value to the factory
system. The second hash value is also transmitted to the
management server 7.

As is obvious from the above description, the write 
module 30 has the conversion-value computation means and 
a conversion-value-providing means.

On the basis of the comparison result received from 
the CE apparatus 9, the factory is capable of knowing 
whether or not the apparatus authentication information 
has been properly included in the CE apparatus 9. 

If the first hash values are not equal to each 
other, on the other hand, the apparatus ID 41 is 
discarded and an attempt is made to again include 
apparatus authentication information in the CE apparatus 
9 by using a new apparatus ID. 

The apparatus ID 41 resulting in information 
inclusion ending in a failure can also be reutilized. In 
the case of the embodiment, however, an apparatus ID 41
resulting in information inclusion ending in a failure is 
discarded to prevent a plurality of CE apparatus 9 having 
the same apparatus ID from being sold in the market 
mistakenly. 

It is to be noted that, in the conventional 
manufacturing process, in order to maintain the
confidentiality of apparatus authentication information,
after the apparatus authentication information has once
been included in a CE apparatus 9, it is difficult to
determine whether or not the apparatus authentication
information has been properly included in the CE
apparatus 9 and, in some cases, the fact that the
apparatus authentication information has been properly
included in the CE apparatus 9 is not verified.

In the case of this embodiment, however, hash
values of apparatus authentication information are
compared with each other in the CE apparatus 9. It is
thus possible to determine inside the CE apparatus 9
whether or not the apparatus authentication information
has been properly included in the CE apparatus 9 while
keeping the apparatus authentication information
confidential.

After verifying that the apparatus authentication 
information has been properly included in the CE 
apparatus 9, at a step 120, the factory system transmits 
the apparatus ID 41 and the second hash value, which have 
been received from the CE apparatus 9, to the management 
server 7 along with a product serial number assigned to 
the CE apparatus 9.

At a step S130, the management server 7 receives
these pieces of information from the factory system and
searches the issued apparatus authentication information 
table 702 shown in FIG. 8 for a pass phrase corresponding 
to the received apparatus ID 41. 

Thus, the management server 7 has conversion-value
acquisition means for acquiring the second hash value. 

Then, the management server 7 generates an 
(apparatus ID + pass phrase) from the apparatus ID 41 and 
the pass phrase found in the search operation, producing 
a second hash value of the (apparatus ID + pass phrase) 
by using the server-side verification hash function 35. 
Thus, the management server 7 has a conversion-value 
computation means. 

Subsequently, at the next step 132, the management 
server 7 compares the second hash value received from the 
factory system with the generated second hash value in 
order to determine whether or not both the second hash 
values are equal to each other. Thus, the management 
server 7 has a determination means. 

If both the second hash values are found equal to 
each other, the management server 7 determines that the 
apparatus authentication information has been 
successfully included in the CE apparatus 9. 

If both the second hash values are found unequal to
each other, on the other hand, the management server 7
determines that the apparatus authentication information
has not been successfully included in the CE apparatus 9.

The management server 7 has an apparatus 
authentication table 704 like one shown in FIG. 8. The 
apparatus authentication table 704 is a table for storing 
apparatus IDs 41, pass phrases and product serial numbers 
by associating the apparatus IDs 41, the pass phrases and 
the product serial numbers with each other. 

At a step 134, the management server 7 stores the 
apparatus ID 41, the pass phrase and the product serial 
number in the apparatus authentication table 704 if both 
the second hash values are found equal to each other. 

It is to be noted that the apparatus authentication 
table 704 is supplied to the apparatus authentication 
server 8 to be used by the apparatus authentication 
server 8 in authenticating the CE apparatus 9. Thus, the 
management server 7 serves as apparatus authentication 
information providing means in this case. 

Next, at a step 136, the management server 7 adds a 
date, on which data was received from the factory system, 
to the data. The data received from the factory system is 
the apparatus ID 41, the product serial number and the 
second hash value. Then, the management server 7 puts a
digital signature used as a secret key on the dated data
before transmitting the dated data to the factory. In 
this case, the management server 7 serves as a 
determination-result transmission means. 

At a step 122, the factory system serving as a
source information inclusion main organization receives 
the dated data from the management server 7 and confirms 
that the apparatus authentication information has been 
included in the CE apparatus 9 properly. 

In this way, the factory system is capable of 
confirming that the apparatus ID 41, the product serial 
number and the second hash value have been received by 
the management server 7. The apparatus ID 41, the product 
serial number and the second hash value can be regarded
as a manufacturing result. 

Then, the factory 5 ships the CE apparatus 9 
completing the manufacturing process. 
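
The FIG. 5 write procedure and the FIG. 6 verification procedure described above, played end to end as an added Python example (not code from this document or from any product). The cipher (an HMAC-SHA256 keystream standing in for a real one, with no integrity tag, so the hash comparison is what detects a bad write), the two hash functions, the key derivation, the "ID+passphrase" encoding and every class, function and sample name are assumptions; the document specifies none of them.

```python
import hashlib
import hmac
import secrets

# Stand-in primitives. The document names no algorithms, so these are
# assumptions: an HMAC-SHA256 keystream replaces the real cipher, and the two
# verification hash functions are SHA-256 with different prefixes.
def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    return nonce + _xor_stream(key, nonce, plaintext)

def decrypt(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])

def device_side_hash(info: bytes) -> bytes:       # hash function 34
    return hashlib.sha256(b"device-side|" + info).digest()

def server_side_hash(info: bytes) -> bytes:       # hash function 35
    return hashlib.sha256(b"server-side|" + info).digest()

def peculiar_key(generator: bytes, mac: str) -> bytes:
    # Steps 64 and 100: derived from device-unique data on demand, never stored.
    return hmac.new(generator, bytes.fromhex(mac.replace(":", "")), hashlib.sha256).digest()

def combine(apparatus_id: str, passphrase: str) -> bytes:
    return f"{apparatus_id}+{passphrase}".encode()  # assumed encoding

class ManagementServer:
    def __init__(self, key_table: dict):
        self.key_table = key_table   # key identifier -> pre-write key
        self.issued = {}             # apparatus ID -> pass phrase
        self.auth_table = {}         # apparatus ID -> (pass phrase, serial)

    def issue(self, apparatus_id: str, key_id: str):
        # Steps 50-56: issue, encrypt under the pre-write key, hash, record.
        passphrase = secrets.token_urlsafe(24)
        info = combine(apparatus_id, passphrase)
        self.issued[apparatus_id] = passphrase
        return encrypt(self.key_table[key_id], info), device_side_hash(info)

    def confirm(self, apparatus_id: str, serial: str, second_hash: bytes) -> bool:
        # Steps 130-134: recompute the second hash; register only on a match.
        passphrase = self.issued.get(apparatus_id)
        if passphrase is None:
            return False
        expected = server_side_hash(combine(apparatus_id, passphrase))
        if not hmac.compare_digest(second_hash, expected):
            return False
        self.auth_table[apparatus_id] = (passphrase, serial)
        return True

class Device:
    def __init__(self, mac: str, pre_write_key: bytes, generator: bytes):
        self.mac, self.pre_write_key, self.generator = mac, pre_write_key, generator
        self.memory = None           # authentication information memory
        self.first_hash = None

    def write(self, encrypted_info: bytes, first_hash: bytes) -> None:
        # Steps 60-70: decrypt, re-encrypt under the peculiar key, store.
        info = decrypt(self.pre_write_key, encrypted_info)
        self.memory = encrypt(peculiar_key(self.generator, self.mac), info)
        self.first_hash = first_hash

    def verify(self):
        # Steps 90-110: compare inside the device, export only the verdict and a hash.
        info = decrypt(peculiar_key(self.generator, self.mac), self.memory)
        ok = hmac.compare_digest(device_side_hash(info), self.first_hash)
        return ok, server_side_hash(info)

def provision(server, device, apparatus_id, key_id, serial):
    """Play the factory system; return what it handled and both verdicts."""
    blob, first_hash = server.issue(apparatus_id, key_id)
    device.write(blob, first_hash)
    device_ok, second_hash = device.verify()
    # On a device-side mismatch the factory discards the ID and reports nothing.
    server_ok = device_ok and server.confirm(apparatus_id, serial, second_hash)
    return {"factory_saw": [blob, first_hash, second_hash],
            "device_ok": device_ok, "server_ok": server_ok}

# Constructed sample values (not from the document).
KEYS = {"kid-A": secrets.token_bytes(32), "kid-B": secrets.token_bytes(32)}
GENERATOR = secrets.token_bytes(32)

if __name__ == "__main__":
    server = ManagementServer(KEYS)
    good = Device("02:00:00:00:00:01", KEYS["kid-A"], GENERATOR)
    print("correct key:", provision(server, good, "ID-0001", "kid-A", "SN-1001")["server_ok"])
    bad = Device("02:00:00:00:00:02", KEYS["kid-B"], GENERATOR)  # wrong pre-write key
    print("wrong key:  ", provision(server, bad, "ID-0002", "kid-A", "SN-1002")["device_ok"])
```

Both hash values pass through the factory system, so a short or guessable pass phrase could be tested offline against them; the example issues a long random one for that reason.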

FIG. 7 shows a flowchart referred to in explanation 
of a procedure adopted by the apparatus authentication 
server 8 as a procedure for authenticating a CE apparatus 
9. 

First of all, at a step 140, the authentication 
module 20 employed in the apparatus authentication 
section 99 as shown in FIG. 3 reads out the encrypted
(apparatus ID + pass phrase) 42 from the authentication
information memory 40. Thus, the (apparatus ID + pass 
phrase) 42 is transferred from the authentication 
information memory 40 to the authentication module 20. 

Then, at a step 150, the authentication module 20 
generates a peculiar key 23 by using the peculiar-key 
generator 22 and the MAC address 51. 

Subsequently, at the next step 152, the 
authentication module 20 decrypts the encrypted 
(apparatus ID + pass phrase) 42 by using the peculiar key 
23 to obtain an (apparatus ID + pass phrase) and transmits
the (apparatus ID + pass phrase) to the apparatus 
authentication server 8 at the next step 154. Thus, the 
authentication module 20 has an apparatus authentication 
information transmission means. 

It is to be noted that a communication path between 
the CE apparatus 9 and the apparatus authentication 
server 8 is a path assuring security of exchanged data by 
using an encryption technology such as SSL (Secure
Sockets Layer).

At a step 160, the apparatus authentication server 
8 receives the (apparatus ID + pass phrase) from the CE 
apparatus 9 and decrypts the (apparatus ID + pass phrase) 
by using a secret key corresponding to the public key 21.
Then, the apparatus authentication server 8 compares the
decrypted pass phrase with the pass phrase stored in the
apparatus authentication table 704 received from the
management center 3 in order to authenticate the CE
apparatus 9.

Then, at the next step 162, the apparatus 
authentication server 8 identifies the product serial 
number of the CE apparatus 9 from the apparatus 
authentication table 704. 

This step is the end of the procedure for 
authenticating the CE apparatus. 

FIG. 9 is a diagram showing a typical hardware 
configuration of the CE apparatus 9. 

A CPU (Central Processing Unit) 121 is a central 
processing section for carrying out various kinds of
processing by execution of programs stored in advance in
a ROM (Read Only Memory) 122 or programs loaded from a
storage section 128 into a RAM (Random Access Memory) 123.

The ROM 122 is a memory used for storing basic 
programs necessary for execution of functions of the CE 
apparatus 9 and storing data such as parameters.

The RAM 123 is a memory used as a working area 
required by the CPU 121 for execution of the various 
kinds of processing.

The storage section 128 is a unit used for storing
other programs necessary for execution of functions of
the CE apparatus 9 and storing data. Examples of the
storage section 128 are a hard disk and a semiconductor
memory.

The firmware created in business organization 11 is 
stored in the storage section 128 at the factory 5. The 
CPU 121 executes the firmware to generate a variety of 
configuration elements shown in FIG. 3 as elements of the 
apparatus authentication section 99. 

The other programs stored in the storage section 
128 include an OS (Operating System) for inputting and 
outputting a file, controlling components of the CE 
apparatus 9 and carrying out basic functions. 

The CPU 121, the ROM 122 and the RAM 123 are 
connected to each other by a bus 124. This bus 124 is
also connected to an input/output interface 125. 

The input/output interface 125 is connected to an 
input section 126, an output section 127, the storage 
section 128 cited above and a communication section 129. 
The input section 126 includes a keyboard and a mouse 
whereas the output section 127 includes a display unit 
and a speaker. The display unit can be a CRT (Cathode Ray 
Tube) display unit or an LCD (Liquid Crystal Display)
unit. The storage section 128 typically includes a hard
disk. The communication section 129 has a modem or a 
terminal adaptor. 

The communication section 129 is a functional 
unit for carrying out communication processing with other 
apparatus through a network. For example, the 
communication section 129 is connected to the connection 
means 10 to receive apparatus authentication information 
or connected to the apparatus authentication server 8 to 
carry out communications for a process to authenticate 
the CE apparatus 9.

If necessary, the input/output interface 125 is 
also connected to a drive 140 on which a recording medium 
is properly mounted. The recording medium can be a 
magnetic disk 141, an optical disk 142, a magneto-optical 
disk 143 or a memory card 144. As described above, a 
computer program to be executed by the CPU 121 is loaded 
from the storage section 128 into the RAM 123 if 
necessary. 

It is to be noted that, since the configurations of 
the management server 7 and apparatus authentication 
server 8 are basically the same as the configuration of 
the CE apparatus 9, the explanations of the 
configurations of the management server 7 and apparatus
authentication server 8 are not given.

In accordance with the first embodiment described 
above, the (apparatus ID + pass phrase) required in the 
process to authenticate a CE apparatus 9 as apparatus 
authentication information can be transmitted from the 
management server 7 to the CE apparatus 9 with a high 
degree of safety. In addition, the factory 5 and the 
management server 7 are capable of verifying that the 
apparatus authentication information has been correctly 
included in the CE apparatus 9. 

Effects provided by the first embodiment described 
above are explained by comparing the embodiment with the 
conventional system as follows. 

(1): In the conventional system, since the (apparatus ID
+ pass phrase) used as apparatus authentication
information is a clear text supplied to the CE apparatus
9, it is quite within the bounds of possibility that a
worker of the factory 5 or another person sees the
apparatus authentication information either intentionally
or not. In the case of this embodiment, on the other hand,
the problem is solved by supplying the (apparatus ID +
pass phrase) to the CE apparatus 9 in a state of being
encrypted as it is.

(2): In the conventional system, even if the apparatus
authentication information is encrypted before being
transmitted to the factory 5, for example, the method for
including apparatus authentication information into the
CE apparatus 9 varies from product to product and from
factory to factory, making it impossible to provide a
uniform technique. It is thus quite within the bounds of
possibility that dispersions in security level
result. In the case of this embodiment, on the other
hand, a common method for including apparatus
authentication information into the CE apparatus 9 is
adopted to reduce the number of dispersions in security
level.

(3): In the case of the conventional system, an
encryption key may be leaked out and affect another CE
apparatus 9. In the case of this embodiment, on the other
hand, a peculiar key 23 is generated for every CE 
apparatus 9 as a key peculiar to the CE apparatus 9 for 
which the peculiar key 23 is generated. Thus, even if a 
peculiar key 23 is leaked out, the peculiar key 23 does 
not affect another CE apparatus 9. 

As for the pre-write key 31, the effect range can
be limited by generating the pre-write key 31 for each 
product or for every period of time. 

(4): In the case of the conventional system, it is
difficult to verify that apparatus authentication
information has been included correctly into the CE 
apparatus 9 at the factory 5 or the management center 3 
serving as an originator issuing the apparatus 
authentication information. In the case of this 
embodiment, on the other hand, by using peculiar 
information such as a hash value, it is possible to 
verify that apparatus authentication information has been 
included correctly in the CE apparatus 9 at the factory 5 
or the management center 3. 

(5): In the case of the conventional system, it is
difficult for the factory 5 to verify that the management 
center 3 has correctly received a report on a result of 
manufacturing. In the case of this embodiment, on the 
other hand, the management server 7 adds a date to data 
received from the factory system and puts a digital 
signature on the dated data before transmitting the dated 
data to the factory system. 

(6): In the case of the conventional system, it is
difficult to use other information such as an electronic
certificate as apparatus authentication information. In
the case of this embodiment, on the other hand, the
present invention can be applied to an authentication
method using an electronic certificate.

In the case of the embodiment, as an example,
apparatus authentication information is transmitted to 
the factory 5 by way of a network and supplied to the CE 
apparatus 9 through the connection means 10. It is to be 
noted, however, that since the apparatus authentication 
information is supplied to the CE apparatus 9 in a state 
of being encrypted, it is also possible to provide a 
configuration in which the apparatus authentication 
information is recorded onto a storage medium such as a 
CD-ROM and the storage medium is then delivered to the 
factory 5 so that the factory 5 is capable of 
transferring the apparatus authentication information 
from the medium to the CE apparatus 9. 

In addition, in the case of the embodiment, as an
example, there is provided a configuration in which an
encrypted (apparatus ID + pass phrase) received from the
management server 7 is decrypted by using a pre-write key
31 before being stored in the authentication information
memory 40. However, it is also possible to provide
another configuration in which an encrypted (apparatus ID
+ pass phrase) received from the management server 7 is
stored in the authentication information memory 40 right
away without being decrypted and decrypted by using a
pre-write key only before being used in an authentication
process.

Next, a second embodiment is explained. 
[Outline of the Second Embodiment] 

FIG. 10 is an explanatory diagram showing a second 
embodiment in a simple manner. 

In the case of the embodiment, source information 
serving as the source for generating apparatus 
authentication information is converted into the 
apparatus authentication information by using the same 
logic in the management server 7 and the CE apparatus 9 
in a process to generate the apparatus authentication 
information. For example, the source information is 
encrypted to generate the apparatus authentication
information in the same encryption process using the same
encryption key in the management server 7 and the CE
apparatus 9.

First of all, the management server 7 transmits the 
source information to the factory 5 and converts the 
source information into apparatus authentication 
information in a process to generate the apparatus 
authentication information. 

At the factory 5, on the other hand, the source
information is supplied to the CE apparatus 9 by way of
the connection means 10. Then, the CE apparatus 9
converts the received source information into apparatus
authentication information.

As is obvious from the above description, the 
management server 7 and the CE apparatus 9 are thus 
capable of sharing the same apparatus authentication 
information. 

In addition, even if the source information is 
leaked out to another person, the person will not be
capable of knowing the apparatus authentication 
information unless the person knows the logic for 
converting the source information into the apparatus 
authentication information. 

As described above, since the apparatus 
authentication information is generated by an internal 
section in the CE apparatus 9, it is possible to prevent 
the apparatus authentication information from being 
output in the form of a plain text at the factory 5.
[Details of the Second Embodiment] 

The configuration of the 
manufacturing/authentication system 1 is the same as the 
configuration shown in FIG. 2 as the configuration 
according to the first embodiment, and the configuration 
of the apparatus authentication section 99 is the same as 
the configuration shown in FIG. 3 as the configuration
according to the first embodiment. Thus, the explanations
of these configurations are not repeated. 

In addition, every configuration element employed 
in the second embodiment as a configuration identical 
with its counterpart employed in the first embodiment is 
explained by denoting the configuration element by the 
same reference numeral as the counterpart.

In the following description, methods of including 
apparatus authentication information into a CE apparatus 
9, verifying the inclusion, and authenticating the CE 
apparatus 9 are explained by referring to flowcharts. 

It is to be noted that, since preparation for 
inclusion of apparatus authentication information into a 
CE apparatus 9 is the same as that of the first 
embodiment, the explanation with reference to FIG. 4 is 
not repeated. 

Much like the first embodiment, the management 
server 7 has a key table 706 like one shown in FIG. 14. 
The key table 706 is a table used for managing key 
identifiers and pre-write keys 31 by associating the key 
identifiers and the pre-write keys 31 with each other. 

FIG. 11 shows a flowchart referred to in 
explanation of a procedure for including apparatus 
authentication information into the CE apparatus 9.

In the procedure, the CE apparatus 9 has already
been assembled and the connection means 10 has been
linked to a connector of the connection means 10.

First of all, at a step 200, the factory system 
requests the management server 7 to issue a pass phrase 
and transmits an apparatus ID 41 obtained in advance from
an apparatus-ID management organization to the management
server 7.

It is to be noted that the apparatus ID 41 is also
stored in the authentication information memory 40. 

At a step 210, the management server 7 issues a 
pass phrase in response to the request made by the 
factory system. 

The management server 7 also has an issued 
apparatus authentication information table 708 like one 
shown in FIG. 14. The issued apparatus authentication 
information table 708 is a table used for storing 
apparatus IDs 41 received from the factory system and 
pass phrases issued for the apparatus IDs 41 by 
associating the apparatus IDs 41 and the pass phrases 
with each other. 

Then, at the next step 212, after issuing the pass 
phrase, the management server 7 associates the pass 
phrase with the received apparatus ID 41, storing the
pass phrase and the received apparatus ID 41 in the
issued apparatus authentication information table 708. 

Subsequently, at the next step 214, the management 
server 7 generates an (apparatus ID + pass phrase) from 
the apparatus ID 41 and the issued pass phrase, 
transmitting the (apparatus ID + pass phrase) to the 
factory system. 

The (apparatus ID + pass phrase) will become source 
information for generating apparatus authentication 
information. 

At a step 202, the factory system receives the 
(apparatus ID + pass phrase) from the management server 7. 
Then, at the next step 204, the factory system supplies 
the (apparatus ID + pass phrase) to the CE apparatus 9 by 
way of the connection means 10. 

At a step 220, the write module 30 employed in the 
CE apparatus 9 receives the (apparatus ID + pass phrase).
Then, at the next step 222, the write module 30 encrypts
the (apparatus ID + pass phrase) by using the pre-write 
key 31 to generate an encrypted (apparatus ID + pass 
phrase) 42. 

In the case of this embodiment, the (apparatus ID +
pass phrase) is used as the source information in an
encryption process for generating the encrypted (apparatus ID +
pass phrase) 42, which is used as the apparatus
authentication information. 

That is to say, the (apparatus ID + pass phrase) is 
converted into the encrypted (apparatus ID + pass phrase) 
42 obtained as a result of a conversion process adopting 
a conversion technique using the pre-write key 31. The 
encrypted (apparatus ID + pass phrase) 42 is then used as 
the apparatus authentication information. 

Subsequently, at the next step 224, the write 
module 30 generates a peculiar key 33 from a peculiar-key 
generator 32 and a MAC address 51. Then, at the next step 
226, the write module 30 re-encrypts the encrypted 
(apparatus ID + pass phrase) 42 by using the generated 
peculiar key 33. 

This is because, in the case of this embodiment, 
the encrypted (apparatus ID + pass phrase) 42 itself is 
used as the apparatus authentication information. Thus, 
by holding the encrypted (apparatus ID + pass phrase) 42 
in the CE apparatus 9 in a state of being further 
encrypted, the security of the apparatus authentication 
information can be further enhanced. 

In the following description, the encrypted 
(information A + information B) put in a state of being 
further encrypted is referred to as a re-encrypted
(information A + information B).

In this particular case, the encrypted (apparatus 
ID + pass phrase) 42 put in a state of being further 
encrypted is referred to as a re-encrypted (apparatus ID
+ pass phrase) 42a. Subsequently, at the next step 228,
the write module 30 writes the re-encrypted (apparatus ID 
+ pass phrase) 42a in the authentication information 
memory 40. Then, at the next step 230, the re-encrypted 
(apparatus ID + pass phrase) 42a is stored in the 
authentication information memory 40. 

As described above, in the case of this embodiment, 
the apparatus ID 41 and the re-encrypted (apparatus ID +
pass phrase) 42a are stored in the authentication 
information memory 40. 

FIG. 12 shows a flowchart referred to in 
explanation of a procedure executed by the management 
center 3 and the factory 5 to verify that apparatus 
authentication information has been included properly in 
a CE apparatus 9.

This procedure is executed with the connection 
means 10 already linked to a connector of the CE 
apparatus 9. Normally, the procedure is executed 
automatically after the factory system has included the
apparatus authentication information in the CE apparatus
9.

First of all, at a step 240, the write module 30 
reads out the re-encrypted (apparatus ID + pass phrase)
42a from the authentication information memory 40. Thus, 
the re-encrypted (apparatus ID + pass phrase) 42a is 
transferred from the authentication information memory 40 
to the write module 30. 

Then, at a step 250, the write module 30 generates 
a peculiar key 33 from the peculiar-key generator 32 and 
the MAC address 51. Subsequently, at the next step 252, 
the write module 30 decrypts the re-encrypted (apparatus 
ID + pass phrase) 42a by using the peculiar key 33 to 
generate an encrypted (apparatus ID + pass phrase) 42.

Then, at a step 254, the write module 30 generates 
a second hash value from the encrypted (apparatus ID + 
pass phrase) 42 by using the server-side verification 
hash function 35 and transmits the second hash value to 
the factory system at the next step 256. 

In the case of the first embodiment, a second hash 
value is generated from an (apparatus ID + pass phrase).
In the case of the second embodiment, on the other hand, 
a second hash value is generated from an encrypted 
(apparatus ID + pass phrase) 42. 

It is to be noted that, in the case of the second
embodiment, the first hash value is not used.

At a step 260, the factory system adds an apparatus 
ID 41, a product serial number and a key identifier to 
the second hash value received from the CE apparatus 9, 
transmitting the apparatus ID 41, the product serial 
number, the key identifier and the second hash value to 
the management server 7. 

At a step 270, the management server 7 searches the 
issued apparatus authentication information table 708 
shown in FIG. 14 for a pass phrase corresponding to the 
apparatus ID 41 received from the factory system as a 
pass phrase issued to the CE apparatus 9. 

Then, at the next step 272, the management server 7 
searches the key table 706 for a pre-write key 31 
corresponding to the key identifier received from the 
factory system as a pre-write key 31 equal to the one 
stored in the CE apparatus 9. 

Subsequently, at the next step 274, the management 
server 7 generates an (apparatus ID + pass phrase) from 
the apparatus ID 41 received from the factory system and 
the pass phrase obtained in the search process carried 
out at the step 270, encrypting the generated (apparatus 
ID + pass phrase) by using the pre-write key 31 obtained 
in the search process carried out at the step 272 to
generate an encrypted (apparatus ID + pass phrase) 42.

Then, at the next step 276, the management server 7 
generates a second hash value from the generated
encrypted (apparatus ID + pass phrase) 42 by using the
server-side verification hash function 35.

Subsequently, at the next step 278, the management 
server 7 compares the second hash value generated at the 
step 276 with the second hash value received from the 
factory system in order to verify that the apparatus 
authentication information has been properly included in 
the CE apparatus 9. 

The management server 7 has an apparatus 
authentication table 710 like one shown in FIG. 14. The 
apparatus authentication table 710 is a table used for 
storing apparatus IDs 41, encrypted (apparatus ID + pass
phrase)s 42 each used as apparatus authentication
information, product serial numbers and key identifiers 
by associating the elements with each other. 

Then, at the next step 280, knowing that the 
apparatus authentication information has been included in 
the CE apparatus 9 properly from a result of the 
comparison of the second hash values with each other, the 
management server 7 stores the apparatus ID 41, the 
encrypted (apparatus ID + pass phrase) 42, the product
serial number and the key identifier in the apparatus
authentication table 710 by associating the elements with 
each other in dependence on the result of the comparison 
of the second hash values. 

It is to be noted that the apparatus authentication 
table 710 is supplied to the apparatus application server 
8 to be used in a process to authenticate a CE apparatus 
9. 

Subsequently, at the next step 282, the management 
server 7 adds a date, on which the data was received from 
the factory system, to the data and puts a digital 
signature on the dated data by using a secret key before 
transmitting the dated data to the factory system. 

At a step 262, the factory system verifies the 
digital signature in order to confirm that the apparatus 
authentication information has been properly included in the
CE apparatus 9.

After verifying the fact that the apparatus 
authentication information has been included in the CE 
apparatus 9, the CE apparatus 9 is shipped from the 
factory 5 to the market.
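
The write procedure of FIG. 11 and the verification procedure of FIG. 12, traced in Python as an added example that is not part of the original description. The deterministic stand-in cipher, the HMAC-based peculiar-key derivation, SHA-256 as the verification hash, the "ID:pass phrase" encoding and every sample value are assumptions.

```python
import hashlib
import hmac
import secrets

def _xor(key, iv, data):
    ks = hashlib.shake_256(b"ks" + key + iv).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(key, plaintext):
    # Stand-in deterministic cipher (the page names no algorithm): synthetic IV.
    iv = hmac.new(key, plaintext, hashlib.sha256).digest()[:16]
    return iv + _xor(key, iv, plaintext)

def decrypt(key, blob):
    iv, plaintext = blob[:16], _xor(key, blob[:16], blob[16:])
    tag = hmac.new(key, plaintext, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(iv, tag):
        raise ValueError("wrong key or modified ciphertext")
    return plaintext

def peculiar_key(generator, mac):  # assumed derivation, not taken from the page
    return hmac.new(generator, bytes.fromhex(mac.replace(":", "")), hashlib.sha256).digest()

class Device:
    def __init__(self, pre_write_key, generator, mac):
        self.pre_write_key, self.generator, self.mac = pre_write_key, generator, mac
        self.memory = None  # authentication information memory 40

    def write(self, source):  # steps 220-230
        item_42 = encrypt(self.pre_write_key, source)
        self.memory = encrypt(peculiar_key(self.generator, self.mac), item_42)  # 42a

    def second_hash(self):  # steps 240-256
        item_42 = decrypt(peculiar_key(self.generator, self.mac), self.memory)
        return hashlib.sha256(item_42).digest()

class ManagementServer:
    def __init__(self, key_table):
        self.key_table = key_table  # table 706: key identifier -> pre-write key
        self.issued = {}            # table 708: apparatus ID -> pass phrase
        self.auth_table = {}        # table 710: apparatus ID -> (item 42, serial, key id)

    def issue(self, apparatus_id):  # steps 210-214
        self.issued[apparatus_id] = secrets.token_hex(16)
        return f"{apparatus_id}:{self.issued[apparatus_id]}".encode()

    def verify(self, apparatus_id, serial, key_id, reported_hash):  # steps 270-280
        pass_phrase, key = self.issued.get(apparatus_id), self.key_table.get(key_id)
        if pass_phrase is None or key is None:
            return False
        item_42 = encrypt(key, f"{apparatus_id}:{pass_phrase}".encode())
        ok = hmac.compare_digest(hashlib.sha256(item_42).digest(), reported_hash)
        if ok:  # step 280: record only after the hashes match
            self.auth_table[apparatus_id] = (item_42, serial, key_id)
        return ok

def run_demo():
    # Every key, ID, MAC address and serial number here is constructed sample data.
    server = ManagementServer({"K1": b"pre-write-key-1", "K2": b"pre-write-key-2"})
    gen = b"peculiar-key-generator"
    dev = Device(server.key_table["K1"], gen, "02:00:00:00:00:01")
    dev.write(server.issue("ID-0001"))
    results = {
        "wrong_key_id": server.verify("ID-0001", "SN-1", "K2", dev.second_hash()),
        "unknown_id": server.verify("ID-9999", "SN-1", "K1", dev.second_hash()),
        "good": server.verify("ID-0001", "SN-1", "K1", dev.second_hash()),
    }
    clone = Device(server.key_table["K1"], gen, "02:00:00:00:00:02")
    clone.memory = dev.memory  # memory image copied onto hardware with another MAC
    try:
        results["clone"] = server.verify("ID-0001", "SN-2", "K1", clone.second_hash())
    except ValueError:
        results["clone"] = False  # the peculiar key differs, so 42a does not decrypt
    return results, server.auth_table

if __name__ == "__main__":
    print(run_demo()[0])
```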

FIG. 13 shows a flowchart referred to in 
explanation of a procedure adopted by the apparatus 
authentication server 8 as a procedure for authenticating
a CE apparatus 9.

First of all, at a step 290, the authentication 
module 20 employed in the apparatus authentication 
section 99 as shown in FIG. 3 reads out the re-encrypted 
(apparatus ID + pass phrase) 42a from the authentication 
information memory 40. Thus, the re-encrypted (apparatus 
ID + pass phrase) 42a is transferred from the 
authentication information memory 40 to the 
authentication module 20. 

Then, at a step 300, the authentication module 20 
generates a peculiar key 23 by using the peculiar-key 
generator 22 and the MAC address 51. 

Subsequently, at the next step 302, the 
authentication module 20 decrypts the re-encrypted 
(apparatus ID + pass phrase) 42a by using the peculiar 
key 23 to generate an encrypted (apparatus ID + pass 
phrase) 42. Then, at the next step 304, the 
authentication module 20 encrypts the encrypted
(apparatus ID + pass phrase) 42 by using the public key 
21 prior to transmission to the apparatus authentication 
server 8 along with the apparatus ID 41. 

At a step 310, the apparatus authentication server 
8 receives the encrypted (apparatus ID + pass phrase) 42 
from the CE apparatus 9 and decrypts the encrypted
(apparatus ID + pass phrase) 42 by using a secret key
corresponding to the public key 21. Then, the apparatus 
authentication server 8 searches the apparatus 
authentication table 710 received from the management 
center 3 for an encrypted (apparatus ID + pass phrase) 42 
corresponding to the apparatus ID 41 as the encrypted 
(apparatus ID + pass phrase) 42 of the CE apparatus 9. 
The apparatus authentication server 8 then compares the 
encrypted (apparatus ID + pass phrase) 42 found in the 
search process with the received encrypted (apparatus ID 
+ pass phrase) 42 in order to authenticate the CE 
apparatus 9.

Subsequently, at the next step 312, the apparatus 
authentication server 8 searches the apparatus 
authentication table 710 for a product serial number 
corresponding to the apparatus ID 41 as the product 
serial number of the CE apparatus 9.

Thus, by execution of the procedure described above, 
the CE apparatus 9 can be authenticated. 

Effects provided by the second embodiment described 
above are explained by comparing the embodiment with the 
conventional system having problems as follows.

(1): In the case of the conventional system, in order to
request the management server 7 to transmit apparatus
authentication information, it is necessary to make a
request for an encrypted pass phrase corresponding to the
pre-write key 31 stored in the CE apparatus 9. However, 
in the case of this embodiment, it is possible to request 
the management server 7 to transmit an (apparatus ID + 
pass phrase) without being aware of the pre-write key 31 
stored in the CE apparatus 9. 

(2): In the case of the conventional system, when the
process to manufacture the CE apparatus 9 is stopped, an 
acquired (apparatus ID + pass phrase) becomes wasteful. 
However, in the case of this embodiment, an (apparatus ID 
+ pass phrase) acquired from the management server 7 can 
be utilized by any CE apparatus. Thus, if an (apparatus 
ID + pass phrase) is left over, the (apparatus ID + pass 
phrase) can be provided to another CE apparatus 9. 

(3): In the case of the conventional system, if the
manufacturing line of a CE apparatus 9 is taken into
consideration, free setting is impossible for each
pre-write key 31. In the case of this embodiment, on the
other hand, each pre-write key 31 can be set without 
worrying about the manufacturing line. 

In the case of this embodiment, apparatus 
authentication information is generated in the management 
server 7 from source information and supplied to the
apparatus authentication server 8. In this case, the
source information is an (apparatus ID + pass phrase) and 
the apparatus authentication information is the encrypted 
(apparatus ID + pass phrase). However, it is to be noted
that the scope of the present invention is not limited to
such a configuration. For example, it is possible to 
provide a configuration in which the management server 7 
provides source information to the apparatus 
authentication server 8, which then generates apparatus 
authentication information from the source information.

[Third Embodiment]

Next, a third embodiment is explained. 

This embodiment updates an application including 
keys for encrypting and decrypting apparatus 
authentication information. In the following description, 
the application is referred to as an apparatus 
authentication client. 

The apparatus authentication client is installed in 
a CE apparatus or a personal computer, forming the same 
modules as those of the apparatus authentication section 
99 shown in FIG. 3. A usage limit and others are set for 
a public key corresponding to the public key 21. In some 
cases, it is necessary to update the public key to a new
one.

In the case of the conventional system, it is
necessary to replace all apparatus authentication clients 
with new ones when the public key is updated. 

In the case of this embodiment, by replacing a 
module included in the apparatus authentication client as 
a module corresponding to one included in the apparatus 
authentication section 99, a public key included in the 
module is updated. 

By taking a case in which the apparatus 
authentication section 99 of the CE apparatus 9 is 
updated as an example, the following description 
exemplifies an updating procedure represented by a 
flowchart of FIG. 15. 

It is to be noted that an updating server is a 
server for rendering a service to update an apparatus 
authentication client. The updating server and the
apparatus authentication server synchronously hold a 
relation between product codes, which are each used for 
identifying the type of a product, and peculiar-key 
generators.

An object apparatus is a terminal having an 
apparatus authentication client to be updated. 

First of all, at a step 400, the object apparatus 
makes an access to the updating server in order to make a
request for updating of a module, which is the apparatus
authentication section 99 included in the apparatus
authentication client. 

At a step 410, the updating server makes a request
for authentication of the object apparatus in response to 
the request made by the object apparatus. 

At a step 402, the object apparatus makes an access
to the apparatus authentication server. Then, at a step
422, the apparatus authentication server authenticates
the object apparatus.

At that time, the apparatus authentication server 
issues a one-time ID and stores the one-time ID in a 
memory by associating the one-time ID with a product code 
assigned to the object apparatus. The apparatus 
authentication server then transmits this one-time ID to 
the object apparatus. 

At a step 404, the object apparatus receives the
one-time ID from the apparatus authentication server and 
transmits the one-time ID to the updating server. 

At a step 412, the updating server receives the 
one-time ID from the object apparatus and transmits the 
one-time ID to the apparatus authentication server. 

At a step 424, the apparatus authentication server 
receives the one-time ID from the updating server and
transmits a product code associated with the one-time ID
to the updating server. 

The updating server receives the product code from 
the apparatus authentication server and identifies an 
apparatus authentication client to be updated from the 
product code.

Then, at steps 406 and 414, the updating server
communicates with the object apparatus in order to 
confirm a module to be downloaded by, for example, 
collating the version of the apparatus authentication 
client on the object-apparatus side with the most recent
version. 

Then, at a step 416, the updating server searches 
for a peculiar-key generator corresponding to the product 
code. Subsequently, at the next step 418, the updating 
server generates a module corresponding to the peculiar- 
key generator. 

At that time, a public key included in the module 
is the most recent one. 

Then, at the next step 420, the updating server 
downloads the generated module to the object apparatus. 

At a step 408, the object apparatus saves the 
downloaded module. 
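
The one-time ID exchange of FIG. 15 (steps 400 to 424), as an added Python example that is not part of the original description. It assumes that a one-time ID is deleted when first redeemed, that apparatus authentication is reduced to a byte-string comparison and that the generated module is a dictionary; all sample values are constructed.

```python
import hmac
import secrets

class AuthServer:
    """Apparatus authentication server: authenticates, then issues one-time IDs."""
    def __init__(self, devices):
        self.devices = devices  # apparatus ID -> (authentication info, product code)
        self.pending = {}       # one-time ID -> product code

    def authenticate(self, apparatus_id, auth_info):  # step 422
        record = self.devices.get(apparatus_id)
        if record is None or not hmac.compare_digest(record[0], auth_info):
            return None
        one_time_id = secrets.token_urlsafe(16)
        self.pending[one_time_id] = record[1]
        return one_time_id

    def product_code_for(self, one_time_id):  # step 424
        # Assumption: "one-time" means the ID is deleted on first use.
        return self.pending.pop(one_time_id, None)

class UpdatingServer:
    """Learns the product code only through the authentication server."""
    def __init__(self, auth_server, generators, public_key, version):
        self.auth_server = auth_server
        self.generators = generators  # product code -> peculiar-key generator
        self.public_key, self.version = public_key, version

    def request_update(self, one_time_id, client_version):  # steps 412-420
        product_code = self.auth_server.product_code_for(one_time_id)
        if product_code is None:
            return "rejected", None        # unknown or already used one-time ID
        if client_version >= self.version:
            return "up-to-date", None      # steps 406/414: versions collated
        generator = self.generators.get(product_code)
        if generator is None:
            return "unknown-product", None
        module = {"version": self.version, "public_key": self.public_key,
                  "peculiar_key_generator": generator}
        return "module", module

def run_update_demo():
    # Constructed sample data: IDs, product codes, keys and versions are made up.
    auth = AuthServer({"ID-0001": (b"auth-info-0001", "TV-A")})
    upd = UpdatingServer(auth, {"TV-A": b"generator-TV-A"}, b"public-key-v2", 2)
    otid = auth.authenticate("ID-0001", b"auth-info-0001")  # steps 402/422
    first = upd.request_update(otid, client_version=1)      # steps 404-420
    replay = upd.request_update(otid, client_version=1)     # same one-time ID again
    bad_login = auth.authenticate("ID-0001", b"wrong")
    fresh = auth.authenticate("ID-0001", b"auth-info-0001")
    current = upd.request_update(fresh, client_version=2)
    return first, replay, bad_login, current

if __name__ == "__main__":
    for outcome in run_update_demo():
        print(outcome)
```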

As described above, in the case of this embodiment,
by updating the module, the public key included in the
module can be updated.

[Fourth Embodiment]

In the case of the first embodiment, the CE 
apparatus 9 generates a second hash value, transmitting 
the second hash value to the management server 7, and the 
management server 7 verifies the second hash value. In 
the case of the fourth embodiment, on the other hand, the 
CE apparatus 9 transmits a result of a process to verify 
a first hash value to the management server 7. 

FIG. 16 is a diagram showing a typical 
configuration of an apparatus authentication section 99a. 
Every configuration element employed in the fourth 
embodiment as a configuration identical with its 
counterpart employed in the first embodiment is explained 
by denoting the configuration element by the same 
reference numeral as the counterpart and the explanation 
of the element is not given. 

The apparatus authentication section 99a has an 
authentication information write verification module 36 
for transmitting the result of a process to verify a 
first hash value to the management server 7. 

Since it is not necessary to transmit a second hash 
value to the management server 7, a write module 30a does
not include the server-side verification hash function 35
shown in FIG. 3.

The write module 30a is a unit for comparing a
first hash value received from the management center 3
with a first hash value generated by using the
apparatus-side verification hash function 34 and outputting
the result of comparison to the authentication information write
verification module 36.

The authentication information write verification 
module 36 further acquires an apparatus ID, transmitting 
the apparatus ID and a result of verification to the 
factory system by way of the connection means 10. 

The factory system passes on the apparatus ID and 
the result of verification along with a serial number to 
the management server 7 employed in the management center 
3. From the result of verification, the management center 
3 is capable of confirming that apparatus authentication 
information has been included in a CE apparatus 9. 

FIG. 17 shows a flowchart referred to in 
explanation of a procedure for verifying that apparatus 
authentication information has been included properly 
into a CE apparatus in this embodiment. 

Every process included in the procedure as a 
process identical with its counterpart in the flowchart
shown in FIG. 6 is denoted by the same step number as the
counterpart and its explanation is not given or 
simplified. 

Steps 90 to 106 are identical with their respective 
counterparts in the first embodiment. 

At the step 106, however, the write module 30a 
compares a first hash value generated by using the 
apparatus-side verification hash function 34 with a first
hash value received from the management server 7 in order 
to determine whether or not the former and the latter are 
equal to each other and outputs a result of the 
comparison to the authentication information write 
verification module 36. 

Then, at the next step 502, the authentication 
information write verification module 36 receives the 
result of the comparison from the write module 30a and 
also acquires an apparatus ID 41 through the 
authentication module 20. Then, the authentication
information write verification module 36 outputs the 
result of the comparison and the apparatus ID 41 to the 
factory system by way of the connection means 10. 

At a step 504, the factory system adds a product 
serial number to the result of the comparison and the 
apparatus ID 41, which have been received from the
authentication information write verification module 36,
transmitting the product serial number, the result of the
comparison and the apparatus ID 41 to the management
server 7.

At a step 506, the management server 7 receives the 
product serial number, the result of the comparison and 
the apparatus ID 41 from the factory system. Then, on the 
basis of the result of the comparison, the management 
server 7 verifies that the first hash value generated by 
using the apparatus-side verification hash function 34
and the first hash value received from the management 
server 7 are equal to each other, confirming that the 
apparatus authentication information has been included in 
the CE apparatus 9. 

The remaining steps are the same as their 
respective counterparts in the first embodiment. That is 
to say, at a step 134, the management server 7 stores the 
apparatus ID 41 and the product serial number in a memory 
by associating the apparatus ID 41 and the product serial 
number with each other. Then, at the next step 136, the 
management server 7 adds a date to the received data,
puts a signature serving as secret information on the 
dated data and transmits the dated data to the factory 
system.

At the factory system, the signature is verified in
order to confirm that the apparatus authentication 
information has been included properly in the CE 
apparatus 9.

As described above, in the case of the embodiment, 
the management server 7 is capable of confirming that 
apparatus authentication information has been included in 
the CE apparatus 9 on the basis of a result of verification.

In addition, since the management server 7 does not 
need to generate a second hash value, the magnitude of 
the load borne by the management server 7 can be reduced.

In the case of this embodiment, the write module 
30a generates a first hash value. However, it is to be
noted that another configuration can also be provided as 
a configuration in which the authentication module is 
provided with the apparatus-side verification hash
function 34 so as to allow the authentication module to 
generate a first hash value. In this configuration, the 
authentication information write verification module 36 
receives the first hash value and an apparatus ID from 
the authentication module and verifies that the received 
hash value is equal to the other one. 

In addition, it is also possible to provide a 
configuration in which the function of the authentication
information write verification module 36 is included in
the write module 30a. In this case, the write module 30a
transmits a result of verification to the management
server 7.






